undefined | Better HN

0 pointsregecks7y ago0 comments

At least with Let's Encrypt, you can revoke a certificate issued by a different ACME account, as long the ACME account you are revoking from has a valid authorization for all of the DNS identifiers on the certificate being revoked.

Of course, this is useless if the certificates were issued under a different CA, so your point is still valid. Prevention is better :) !

0 comments

Ajedi327y ago

> ACME account you are revoking from has a valid authorization for all of the DNS identifiers on the certificate being revoked

Does this mean that if GitHub did what CloudFlare does and batched multiple domains they serve into the same cert you wouldn't be able to revoke it?

I guess with a 90-day expiry it's not that big of a deal...

regecksOP7y ago

Yeah, that's a good point too.

j / k navigate · click thread line to collapse