Don't rename certificate if it's not actually revoked #643

Open
opened 2025-12-29 01:28:09 +01:00 by adam · 0 comments
Owner

Originally created by @GTAXL on GitHub (May 26, 2025).

I attempted to revoke a certificate that was issued by SSL.com. I made the mistake of not specifying the proper CA and it made the request against Let's Encrypt, resulting in an error. However, dehydrated still went ahead and renamed the certificate to revoked and removed the cert.pem symlink. I think this error handling could have been done better.

```
[root@test01:conf.d] dehydrated --revoke /certdeploy/certdeploy-sslcom.insaneinvestigations.com/cert.pem
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/certdeploy.sh
# INFO: Running /usr/bin/dehydrated as certdeploy/certdeploy
# INFO: Using main config file /etc/dehydrated/config
# INFO: Using additional config file /etc/dehydrated/conf.d/certdeploy.sh
Revoking /certdeploy/certdeploy-sslcom.insaneinvestigations.com/cert-1748277052.pem
  + ERROR: An error occurred while sending post-request to https://acme-v02.api.letsencrypt.org/acme/revoke-cert (Status 404)

Details:
HTTP/2 404
server: nginx
date: Mon, 26 May 2025 17:22:36 GMT
content-type: application/problem+json
content-length: 141
cache-control: public, max-age=0, no-cache
link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
replay-nonce: hsy8zaa5x5V9TARwiCGLjagX88Ek0g11ZbPnucnhZzC2gkZuHj8

{
  "type": "urn:ietf:params:acme:error:malformed",
  "detail": "Unable to revoke :: Certificate from unrecognized issuer",
  "status": 404
}

 + Done.
 + Renaming certificate to /certdeploy/certdeploy-sslcom.insaneinvestigations.com/cert-1748277052.pem-revoked
[root@test01:conf.d]
```
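
One way to gate the rename on the CA's answer, as an added example that is not dehydrated's code or part of the original report: the hypothetical functions `revocation_confirmed` and `mark_revoked` take the raw HTTP response and only touch the files once the server has confirmed the revocation. Treating `alreadyRevoked` as confirmation is an assumption of this sketch, and the demo response is an abridged, constructed copy of the one above.

```shell
#!/bin/sh
# Hypothetical helper, not part of dehydrated: decide from the ACME server's
# raw HTTP response whether the local certificate may be marked as revoked.

# revocation_confirmed RESPONSE -> exit 0 only if the CA confirmed revocation.
revocation_confirmed() {
    response=$1
    # Status line looks like "HTTP/2 404" or "HTTP/1.1 200 OK".
    status=$(printf '%s\n' "$response" |
        sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p')
    # RFC 8555 section 7.6: a successful revocation is answered with 200.
    [ "$status" = "200" ] && return 0
    # Assumption: "alreadyRevoked" also means the certificate is revoked.
    case $response in
        *'"urn:ietf:params:acme:error:alreadyRevoked"'*) return 0 ;;
    esac
    return 1
}

# mark_revoked CERT RESPONSE: rename CERT to CERT-revoked and drop the
# cert.pem symlink next to it, but only after the CA confirmed revocation.
mark_revoked() {
    cert=$1
    response=$2
    if ! revocation_confirmed "$response"; then
        echo "revocation not confirmed, leaving $cert untouched" >&2
        return 1
    fi
    link="$(dirname "$cert")/cert.pem"
    mv -- "$cert" "$cert-revoked" || return 1
    # Remove the symlink only if it points at the certificate just revoked.
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$(basename "$cert")" ]; then
        rm -f -- "$link"
    fi
}

# Demo on constructed files, using an abridged copy of the 404 response above.
demo_dir=$(mktemp -d)
: > "$demo_dir/cert-1748277052.pem"
ln -s cert-1748277052.pem "$demo_dir/cert.pem"
demo_response='HTTP/2 404
content-type: application/problem+json

{"type": "urn:ietf:params:acme:error:malformed", "status": 404}'
# The rename is refused, so both the certificate and the symlink are listed.
mark_revoked "$demo_dir/cert-1748277052.pem" "$demo_response" || ls "$demo_dir"
rm -rf "$demo_dir"
```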

Reference: starred/dehydrated#643