From f9ed53e6988f313d4e5f3fd817a17356ec445bb5 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Mon, 7 Aug 2017 17:13:27 -0700 Subject: [PATCH] Revocation reason (#4987) * fix revocation reason help text * add it to the docs * move and expand revoke reason example --- certbot/cli.py | 5 +++-- docs/using.rst | 6 ++++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/certbot/cli.py b/certbot/cli.py index 7135f7600..e8b825a91 100644 --- a/certbot/cli.py +++ b/certbot/cli.py @@ -1156,9 +1156,10 @@ def _create_subparsers(helpful): " Currently --csr only works with the 'certonly' subcommand.") helpful.add("revoke", "--reason", dest="reason", - choices=CaseInsensitiveList(constants.REVOCATION_REASONS.keys()), + choices=CaseInsensitiveList(sorted(constants.REVOCATION_REASONS, + key=constants.REVOCATION_REASONS.get)), action=_EncodeReasonAction, default=0, - help="Specify reason for revoking certificate.") + help="Specify reason for revoking certificate. (default: unspecified)") helpful.add("rollback", "--checkpoints", type=int, metavar="N", default=flag_default("rollback_checkpoints"), diff --git a/docs/using.rst b/docs/using.rst index aae8efbf2..8d9a22847 100644 --- a/docs/using.rst +++ b/docs/using.rst @@ -383,6 +383,12 @@ use the ``revoke`` command to do so. Note that the ``revoke`` command takes the certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem +You can also specify the reason for revoking your certificate by using the ``reason`` flag. +Reasons include ``unspecified`` which is the default, as well as ``keycompromise``, +``affiliationchanged``, ``superseded``, and ``cessationofoperation``:: + + certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem --reason keycompromise + Additionally, if a certificate is a test certificate obtained via the ``--staging`` or ``--test-cert`` flag, that flag must be passed to the ``revoke`` subcommand.