Public/Remove-PAServer.ps1
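function Remove-PAServer {
    [CmdletBinding(SupportsShouldProcess,DefaultParameterSetName='DirUrl')]
    param(
        [Parameter(Position=0,ValueFromPipeline,ValueFromPipelineByPropertyName)]
        [ValidateScript({Test-ValidDirUrl $_ -ThrowOnFail})]
        [Alias('location')]
        [string]$DirectoryUrl,
        [Parameter(ValueFromPipelineByPropertyName)]
        [ValidateScript({Test-ValidFriendlyName $_ -ThrowOnFail})]
        [string]$Name,
        [switch]$DeactivateAccounts,
        [switch]$Force
    )

    # NOTE(review): SupportsShouldProcess is declared, but this function only
    # calls ShouldContinue and never ShouldProcess. Confirm how -WhatIf and
    # -Confirm actually behave before relying on them as a dry run for this
    # destructive operation.

    Process {

        # Reset per pipeline item. Without this, a $true left over from an
        # earlier item (or from a caller's scope) would make the cleanup at the
        # end try to switch back to a server whose folder was just deleted.
        $SwitchBack = $false

        if (-not $DirectoryUrl -and -not $Name) {
            try { throw "DirectoryUrl and/or Name must be specified." }
            catch { $PSCmdlet.ThrowTerminatingError($_) }
        }

        # try to find an existing server that matches DirectoryUrl/Name
        if ($DirectoryUrl) {

            # convert WellKnown names to their associated Url
            if ($DirectoryUrl -notlike 'https://*') {
                Write-Debug "$DirectoryUrl converted to $($script:WellKnownDirs.$DirectoryUrl)"
                $DirectoryUrl = $script:WellKnownDirs.$DirectoryUrl
            }

            # ignore the Name parameter when DirectoryUrl is specified
            $server = Get-PAServer -DirectoryUrl $DirectoryUrl -Quiet

        } else {
            # Try to find a server that matches Name instead
            $server = Get-PAServer -Name $Name -Quiet
        }

        # make sure we found something
        if (-not $server) {
            try { throw "No matching PAServer found on disk." }
            catch { $PSCmdlet.ThrowTerminatingError($_) }
        }

        # check for existing accounts
        $accountFiles = Get-ChildItem (Join-Path $server.Folder '*\acct.json')

        # confirm deletion unless -Force was used or there are no accounts
        if (-not $Force -and $accountFiles) {
            $msg = "Deleting a server will also delete the local copies of all associated accounts, orders, and certificates associated with it."
            if ($DeactivateAccounts) {
                $msg += " You have also chosen to deactivate the associated accounts."
            }
            $question = "Are you sure you wish to delete server $($server.location)?"
            if (-not $PSCmdlet.ShouldContinue($question,$msg)) {
                Write-Verbose "Delete aborted for server $($server.location)"
                return
            }
        }

        # save the current server because we need to switch away temporarily
        $oldServer = Get-PAServer

        # switch servers if necessary
        if ($oldServer -and $server.location -ne $oldServer.location) {
            Set-PAServer -DirectoryUrl $server.location -NoRefresh
            $SwitchBack = $true
        } elseif (-not $oldServer) {
            Set-PAServer -DirectoryUrl $server.location -NoRefresh
        }

        # deactivate the accounts if requested
        if ($DeactivateAccounts) {
            $accounts = Get-PAAccount -List | Where-Object { $_.status -eq 'valid' }
            $accounts | ForEach-Object {
                # Capture the account now: inside catch, $_ is the ErrorRecord,
                # so the warning would otherwise report an empty account id.
                # When deactivation is being used to retire a compromised key,
                # the operator needs to know which account is still active.
                $acct = $_
                try {
                    $acct | Set-PAAccount -Deactivate -Force
                } catch [AcmeException] {
                    Write-Warning "Error deactivating account $($acct.id): $($_.Exception.Message)"
                }
            }
        }

        Write-Verbose "Deleting server $($server.location)"
        Write-Debug "Folder located at $($server.Folder)"

        # Local deletion proceeds even if a deactivation above failed; any
        # account that could not be deactivated remains valid on the ACME
        # server while its local key material is removed here.
        Remove-Item $server.Folder -Force -Recurse

        if ($SwitchBack) {
            # switch back to previous server
            $oldServer | Set-PAServer
        } else {
            # nothing to switch back to, so reload empty config from disk
            Remove-Item (Join-Path (Get-ConfigRoot) 'current-server.txt') -Force
            Import-PAConfig -Level 'Server'
        }

    }

    <#
    .SYNOPSIS
        Remove an ACME server and all associated accounts, orders, and certificates from the local profile.

    .DESCRIPTION
        This function removes the ACME server from the local profile which also removes any associated accounts, orders and certificates. It will not remove or cleanup copies of certificates that have been exported or installed elsewhere. It will not revoke any certificates that are still valid. It will not deactivate the accounts on the ACME server unless the -DeactivateAccounts switch is specified.

    .PARAMETER DirectoryUrl
        Either the URL to an ACME server's "directory" endpoint or one of the supported short names. Currently supported short names include LE_PROD (LetsEncrypt Production v2) and LE_STAGE (LetsEncrypt Staging v2).

    .PARAMETER Name
        The name of the ACME server. The parameter is ignored if DirectoryUrl is specified.

    .PARAMETER DeactivateAccounts
        If specified, an attempt will be made to deactivate the accounts in this profile before deletion. Clients may wish to do this if the account key is compromised or being decommissioned.

    .PARAMETER Force
        If specified, interactive confirmation prompts will be skipped.

    .EXAMPLE
        Remove-PAServer LE_STAGE

        Remove the staging server without deactivating accounts.

    .LINK
        Project: https://github.com/rmbolger/Posh-ACME

    .LINK
        Get-PAServer

    .LINK
        Set-PAServer

    #>
}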