Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add AlwaysDeactivateAuthorizations flag to ObtainRequest #1480

Merged
merged 4 commits into from
Sep 8, 2021
Merged

Add AlwaysDeactivateAuthorizations flag to ObtainRequest #1480

merged 4 commits into from
Sep 8, 2021

Conversation

MartinWeindel
Copy link
Contributor

After a successful certificate request, the authorizations may be cached by the ACME provider for some time.
For example Let's encrypt caches them for 30 days

If the registration account is shared between multiple clients, a client can request a new certificate for domains already requested by the original client without new validation.
To avoid this behaviour, the authorizations must be deactivated explicitly, see RFC 8555, Deactivating an Authorization

With this PR, a flag AlwaysDeactivateAuthorizations is introduced to the ObtainRequest and ObtainForCSRRequest to enable this deactivation after a successful certificate request optionally. The default behaviour is kept unchanged.

@ldez ldez self-requested a review September 3, 2021 11:06
@ldez ldez added this to the v4.5 milestone Sep 8, 2021
@ldez ldez added the area/cli label Sep 8, 2021
ldez
ldez approved these changes Sep 8, 2021
View reviewed changes
Copy link
Member

@ldez ldez left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you 👍

@ldez ldez merged commit 6d0e0e1 into go-acme:master Sep 8, 2021
@ldez ldez mentioned this pull request Nov 28, 2022
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ldez ldez ldez approved these changes

Assignees
No one assigned
Labels
area/cli area/lib enhancement
Milestone
v4.5
Development

Successfully merging this pull request may close these issues.
2 participants
@MartinWeindel @ldez