Add support for certificate revocation. #250
Comments
I don't think there is enough need to prepare a GUI, so this is a low priority.
This would be immensely useful. Right now we must manually revoke certificates to invalidate them.
Please let me know the specific use case. I would like to consider it based on that.
Whenever we are done with a certificate, right now you have to call up certbot manually and revoke the certificate. Then, you have to go into Key Vault to delete it to ensure it is not used anymore. This manual process is cumbersome compared to adding a certificate. This disconnected process can leave things in a bad configuration state. You could end up assigning a revoked certificate if you don't delete it. As you add more certificates, the chances of this happening are even higher as things get disorganized. Or the opposite: if a certificate is deleted from Key Vault and not revoked, there is always the risk (albeit a low risk, since certificates are stored in the Key Vault) of having old certificates out there compromised. For the sake of organization and security, having a revoke function in the application would be extremely useful.
Certificate revocation will be addressed in the future as it could be implemented with #342.
It would be nice to have a method for revoking certificates that exist within the Keyvault and were issued by the Acmebot.
An endpoint like /revoke-certificate similar to the /renew-certificate endpoint.
The official recommendation is to use certbot and the private key to revoke, as outlined at https://letsencrypt.org/docs/revoking/; however, this requires that one run a certbot instance and download the certificate from the Keyvault.
If possible, a listing of each version from the Keyvault with its expiration date would be an ideal way to sort them, as the version string is not descriptive.
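The manual flow the comment above describes (list the Key Vault versions by expiry, pull the secret behind a superseded version, split it, run `certbot revoke` with the private key) as an added example; this is not Acmebot's code and not part of the thread. It assumes the JSON shape of `az keyvault certificate list-versions` (an `id` whose last path segment is the version, and `attributes.expires`), and that the secret Key Vault keeps behind a PEM-format certificate is one PEM file holding the private key followed by the chain. The version records, the clock (`SAMPLE_NOW`) and the PEM bodies are constructed placeholders. The certbot command line follows the revoke-with-private-key form on the linked Let's Encrypt page; `--reason superseded` is the reason code that fits a rotated certificate.

```python
"""Added example, not Acmebot code: sort Key Vault certificate versions by
expiry, pick the superseded ones, and build the certbot revoke command."""
import os
import re
import tempfile
from datetime import datetime, timezone

# Constructed records shaped like `az keyvault certificate list-versions` JSON
# (the field names are an assumption about that CLI's output, not real data).
SAMPLE_VERSIONS = [
    {"id": "https://kv.vault.azure.net/certificates/web/55667788",
     "attributes": {"enabled": False, "expires": "2024-08-01T00:00:00+00:00"}},
    {"id": "https://kv.vault.azure.net/certificates/web/9f8e7d6c",
     "attributes": {"enabled": True, "expires": "2025-02-28T00:00:00+00:00"}},
    {"id": "https://kv.vault.azure.net/certificates/web/0a1b2c3d",
     "attributes": {"enabled": True, "expires": "2025-01-20T00:00:00+00:00"}},
]
# Constructed clock so the classification below is deterministic.
SAMPLE_NOW = datetime(2024, 12, 1, tzinfo=timezone.utc)

# Constructed stand-in for the PEM secret Key Vault stores behind a certificate
# (private key plus chain in one file); the base64 bodies are placeholders.
SAMPLE_BUNDLE = (
    "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkq...placeholder...\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nMIIFazCCA1OgAwIB...leaf...\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIB...issuer...\n-----END CERTIFICATE-----\n"
)

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.*?\n-----END \1-----", re.S)


def version_of(cert_id):
    """Key Vault names a version only by the opaque last path segment of its id."""
    return cert_id.rstrip("/").rsplit("/", 1)[-1]


def classify_versions(versions, now):
    """Return (rows sorted by expiry, current version, versions worth revoking).

    The version with the latest expiry is treated as the live certificate.
    Older versions still inside their validity period are revocation
    candidates; versions that have already expired only need deleting.
    """
    rows = [(version_of(v["id"]),
             datetime.fromisoformat(v["attributes"]["expires"]),
             bool(v["attributes"].get("enabled", True)))
            for v in versions]
    rows.sort(key=lambda row: row[1])
    current = rows[-1][0] if rows else None
    to_revoke = [ver for ver, expires, _ in rows if ver != current and expires > now]
    return rows, current, to_revoke


def split_pem_bundle(bundle):
    """Split the Key Vault PEM secret into (private key, certificate chain);
    certbot revoke wants them in separate files."""
    keys, certs = [], []
    for match in PEM_BLOCK.finditer(bundle):
        block, label = match.group(0) + "\n", match.group(1)
        if label.endswith("PRIVATE KEY"):
            keys.append(block)
        elif label == "CERTIFICATE":
            certs.append(block)
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    if not certs:
        raise ValueError("no certificate found in bundle")
    return keys[0], "".join(certs)


def write_for_certbot(bundle, directory):
    """Write key.pem (mode 0600) and cert.pem into directory; return their paths."""
    key_pem, cert_pem = split_pem_bundle(bundle)
    key_path = os.path.join(directory, "key.pem")
    cert_path = os.path.join(directory, "cert.pem")
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key_pem)
    with open(cert_path, "w") as fh:
        fh.write(cert_pem)
    return cert_path, key_path


def certbot_revoke_argv(cert_path, key_path, reason="superseded"):
    """argv for the revoke-with-private-key flow from letsencrypt.org/docs/revoking/."""
    return ["certbot", "revoke", "--non-interactive",
            "--cert-path", cert_path, "--key-path", key_path, "--reason", reason]


def build_revocation(bundle, directory=None):
    """Split the bundle into a fresh temp dir (unless given) and return the argv."""
    directory = directory or tempfile.mkdtemp(prefix="kv-revoke-")
    cert_path, key_path = write_for_certbot(bundle, directory)
    return certbot_revoke_argv(cert_path, key_path)


if __name__ == "__main__":
    rows, current, to_revoke = classify_versions(SAMPLE_VERSIONS, SAMPLE_NOW)
    for ver, expires, enabled in rows:
        flag = "current" if ver == current else ("revoke" if ver in to_revoke else "expired")
        print(f"{ver:12} expires {expires:%Y-%m-%d} enabled={enabled!s:5} {flag}")
    print(" ".join(build_revocation(SAMPLE_BUNDLE)))
```

In practice the bundle for a given version comes from `az keyvault secret show --vault-name <vault> -n <name> --version <version> --query value -o tsv`, and the chosen version should be deleted from Key Vault once certbot reports the revocation, so the two halves of the manual process the earlier comment complains about happen in one pass. The private key is written with mode 0600 and into a fresh temporary directory because it is the same key the live certificate chain was issued against until the revocation lands.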