Revocation reason (#4987)

* fix revocation reason help text * add it to the docs * move and expand revoke reason example
2026-01-26 07:41:33 +03:00 · 2017-08-07 17:13:27 -07:00
parent f31cb5f812
commit f9ed53e698
2 changed files with 9 additions and 2 deletions
--- a/certbot/cli.py
+++ b/certbot/cli.py
@@ -1156,9 +1156,10 @@ def _create_subparsers(helpful):
                " Currently --csr only works with the 'certonly' subcommand.")
    helpful.add("revoke",
                "--reason", dest="reason",
-                choices=CaseInsensitiveList(constants.REVOCATION_REASONS.keys()),
+                choices=CaseInsensitiveList(sorted(constants.REVOCATION_REASONS,
+                                                   key=constants.REVOCATION_REASONS.get)),
                action=_EncodeReasonAction, default=0,
-                help="Specify reason for revoking certificate.")
+                help="Specify reason for revoking certificate. (default: unspecified)")
    helpful.add("rollback",
                "--checkpoints", type=int, metavar="N",
                default=flag_default("rollback_checkpoints"),
--- a/docs/using.rst
+++ b/docs/using.rst
@@ -383,6 +383,12 @@ use the ``revoke`` command to do so. Note that the ``revoke`` command takes the

  certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem

+You can also specify the reason for revoking your certificate by using the ``reason`` flag.
+Reasons include ``unspecified`` which is the default, as well as ``keycompromise``,
+``affiliationchanged``, ``superseded``, and ``cessationofoperation``::
+
+  certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem --reason keycompromise
+
 Additionally, if a certificate
 is a test certificate obtained via the ``--staging`` or ``--test-cert`` flag, that flag must be passed to the
 ``revoke`` subcommand.