Collapse DB migrations into a single file (#5305)

Remove five years of built-up database goose migration files. Replace them with a single file which contains a snapshot of the current database schema, which has been confirmed to be identical to the current schema live in production. Part of #5254
2021-02-25 09:50:27 -08:00 · 2021-02-25 09:50:27 -08:00 · f92cefe0c8
parent a1df5bd35b
commit f92cefe0c8
54 changed files with 237 additions and 1038 deletions
--- a/sa/_db/migrations/20150818171317_InitialSchema.sql
+++ b/sa/_db/migrations/20150818171317_InitialSchema.sql
@ -1,141 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `registrations` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `jwk` mediumblob NOT NULL,
  `jwk_sha256` varchar(255) NOT NULL,
  `contact` varchar(255) DEFAULT NULL,
  `agreement` varchar(255) DEFAULT NULL,
  `LockCol` bigint(20) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `jwk_sha256` (`jwk_sha256`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `authz` (
  `id` varchar(255) NOT NULL,
  `identifier` varchar(255) DEFAULT NULL,
  `registrationID` bigint(20) DEFAULT NULL,
  `status` varchar(255) DEFAULT NULL,
  `expires` datetime DEFAULT NULL,
  `combinations` varchar(255) DEFAULT NULL,
  `sequence` bigint(20) DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `regId_idx` (`registrationID`) COMMENT 'Common lookup',
  CONSTRAINT `regId_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `certificates` (
  `registrationID` bigint(20) DEFAULT NULL,
  `status` varchar(255) DEFAULT NULL,
  `serial` varchar(255) NOT NULL,
  `digest` varchar(255) DEFAULT NULL,
  `der` mediumblob,
  `issued` datetime DEFAULT NULL,
  `expires` datetime DEFAULT NULL,
  PRIMARY KEY (`serial`),
  KEY `regId_certificates_idx` (`registrationID`) COMMENT 'Common lookup',
  CONSTRAINT `regId_certificates` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `certificateStatus` (
  `serial` varchar(255) NOT NULL,
  `subscriberApproved` tinyint(1) DEFAULT NULL,
  `status` varchar(255) DEFAULT NULL,
  `ocspLastUpdated` datetime DEFAULT NULL,
  `revokedDate` datetime DEFAULT NULL,
  `revokedReason` int(11) DEFAULT NULL,
  `lastExpirationNagSent` datetime DEFAULT NULL,
  `LockCol` bigint(20) DEFAULT NULL,
  PRIMARY KEY (`serial`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `challenges` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `authorizationID` varchar(255) NOT NULL,
  `LockCol` bigint(20) DEFAULT NULL,
  `type` varchar(255) NOT NULL,
  `status` varchar(255) NOT NULL,
  `error` mediumblob DEFAULT NULL,
  `validated` datetime DEFAULT NULL,
  `uri` varchar(255) DEFAULT NULL,
  `token` varchar(255) NOT NULL,
  `tls` tinyint(1) DEFAULT NULL,
  `validation` mediumblob,
  `validationRecord` mediumblob,
  PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `crls` (
  `serial` varchar(255) NOT NULL,
  `createdAt` datetime NOT NULL,
  `crl` varchar(255) NOT NULL,
  PRIMARY KEY (`serial`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `deniedCSRs` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `names` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `ocspResponses` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `serial` varchar(255) NOT NULL,
  `createdAt` datetime NOT NULL,
  `response` mediumblob,
  PRIMARY KEY (`id`),
  KEY `SERIAL` (`serial`) COMMENT 'Actual lookup mechanism'
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `pending_authz` (
  `id` varchar(255) NOT NULL,
  `identifier` varchar(255) DEFAULT NULL,
  `registrationID` bigint(20) DEFAULT NULL,
  `status` varchar(255) DEFAULT NULL,
  `expires` datetime DEFAULT NULL,
  `combinations` varchar(255) DEFAULT NULL,
  `LockCol` bigint(20) DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `regId_idx` (`registrationID`),
  CONSTRAINT `regId_pending_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `identifierData` (
  `reversedName` varchar(255) NOT NULL,
  `certSHA1` varchar(40) NOT NULL,
  UNIQUE INDEX (certSha1, reversedName)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `externalCerts` (
  `sha1` varchar(40) NOT NULL,
  `issuer` text DEFAULT NULL,
  `subject` text DEFAULT NULL,
  `notAfter` datetime DEFAULT NULL,
  `spki` blob DEFAULT NULL,
  `valid` tinyint(1) DEFAULT NULL,
  `ev` tinyint(1) DEFAULT NULL,
  `rawDERCert` blob DEFAULT NULL,
  UNIQUE INDEX (sha1)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `pending_authz` DROP FOREIGN KEY `regId_pending_authz`;
 ALTER TABLE `certificates` DROP FOREIGN KEY `regId_certificates`;
 ALTER TABLE `authz` DROP FOREIGN KEY `regId_authz`;
 DROP TABLE `registrations`;
 DROP TABLE `authz`;
 DROP TABLE `certificates`;
 DROP TABLE `certificateStatus`;
 DROP TABLE `challenges`;
 DROP TABLE `crls`;
 DROP TABLE `deniedCSRs`;
 DROP TABLE `ocspResponses`;
 DROP TABLE `pending_authz`;
 DROP TABLE `identifierData`;
 DROP TABLE `externalCerts`;
--- a/sa/_db/migrations/20150826211856_AddChallengeAccountKey.sql
+++ b/sa/_db/migrations/20150826211856_AddChallengeAccountKey.sql
@ -1,12 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `challenges` ADD COLUMN (
  `accountKey` mediumblob
 );
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `challenges` DROP COLUMN `accountKey`;
--- a/sa/_db/migrations/20150827160921_AddAuthIDIndexToChallenges.sql
+++ b/sa/_db/migrations/20150827160921_AddAuthIDIndexToChallenges.sql
@ -1,11 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE INDEX `authorizationID_challenges_idx` on `challenges` (`authorizationID`);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP INDEX `authorizationID_challenges_idx` on `challenges`;
--- a/sa/_db/migrations/20150827201311_DeleteSequenceFromAuthz.sql
+++ b/sa/_db/migrations/20150827201311_DeleteSequenceFromAuthz.sql
@ -1,8 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `authz` DROP COLUMN `sequence`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `authz` ADD COLUMN `sequence` bigint(20) DEFAULT NULL;
--- a/sa/_db/migrations/20150828005159_RegistrationsNotNullManyFields.sql
+++ b/sa/_db/migrations/20150828005159_RegistrationsNotNullManyFields.sql
@ -1,14 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `registrations` MODIFY `contact` varchar(255) NOT NULL;
 ALTER TABLE `registrations` MODIFY `agreement` varchar(255) NOT NULL;
 ALTER TABLE `registrations` MODIFY `LockCol` bigint(20) NOT NULL;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `registrations` MODIFY `contact` varchar(255) DEFAULT NULL;
 ALTER TABLE `registrations` MODIFY `agreement` varchar(255) DEFAULT NULL;
 ALTER TABLE `registrations` MODIFY `LockCol` bigint(20) DEFAULT NULL;
--- a/sa/_db/migrations/20150828155940_AuthzNotNullManyFields.sql
+++ b/sa/_db/migrations/20150828155940_AuthzNotNullManyFields.sql
@ -1,26 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `authz` MODIFY `identifier` varchar(255) NOT NULL;
 ALTER TABLE `authz` DROP FOREIGN KEY `regId_authz`;
 ALTER TABLE `authz` MODIFY `registrationID` bigint(20) NOT NULL;
 ALTER TABLE `authz` ADD CONSTRAINT `regId_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION;
 ALTER TABLE `authz` MODIFY `status` varchar(255) NOT NULL;
 ALTER TABLE `authz` MODIFY `expires` datetime NOT NULL;
 ALTER TABLE `authz` MODIFY `combinations` varchar(255) NOT NULL;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `authz` MODIFY `identifier` varchar(255) DEFAULT NULL;
 ALTER TABLE `authz` DROP FOREIGN KEY `regId_authz`;
 ALTER TABLE `authz` MODIFY `registrationID` bigint(20) DEFAULT NULL;
 ALTER TABLE `authz` ADD CONSTRAINT `regId_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION;
 ALTER TABLE `authz` MODIFY `status` varchar(255) DEFAULT NULL;
 ALTER TABLE `authz` MODIFY `expires` datetime DEFAULT NULL;
 ALTER TABLE `authz` MODIFY `combinations` varchar(255) DEFAULT NULL;
--- a/sa/_db/migrations/20150828161056_DropStatusColumnOnCertificate.sql
+++ b/sa/_db/migrations/20150828161056_DropStatusColumnOnCertificate.sql
@ -1,10 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `certificates` DROP COLUMN `status`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `certificates` ADD COLUMN `status` varchar(255) DEFAULT NULL;
--- a/sa/_db/migrations/20150828163255_RemoveChallengeURI.sql
+++ b/sa/_db/migrations/20150828163255_RemoveChallengeURI.sql
@ -1,13 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `challenges` DROP COLUMN `uri`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `challenges` ADD COLUMN (
  `uri` varchar(255)
 );
--- a/sa/_db/migrations/20150904105711_CertificateNotNullManyFields.sql
+++ b/sa/_db/migrations/20150904105711_CertificateNotNullManyFields.sql
@ -1,23 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `certificates` DROP FOREIGN KEY `regId_certificates`;
 ALTER TABLE `certificates` MODIFY `registrationID` bigint(20) NOT NULL;
 ALTER TABLE `certificates` ADD CONSTRAINT `regId_certificates` FOREIGN KEY (`registrationID`)  REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION;
 ALTER TABLE `certificates` MODIFY `digest` varchar(255) NOT NULL;
 ALTER TABLE `certificates` MODIFY `der` mediumblob NOT NULL;
 ALTER TABLE `certificates` MODIFY `issued` datetime NOT NULL;
 ALTER TABLE `certificates` MODIFY `expires` datetime NOT NULL;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `certificates` DROP FOREIGN KEY `regId_certificates`;
 ALTER TABLE `certificates` MODIFY `registrationID` bigint(20) DEFAULT NULL;
 ALTER TABLE `certificates` ADD CONSTRAINT `regId_certificates` FOREIGN KEY (`registrationID`)  REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION;
 ALTER TABLE `certificates` MODIFY `digest` varchar(255) DEFAULT NULL;
 ALTER TABLE `certificates` MODIFY `der` mediumblob DEFAULT NULL;
 ALTER TABLE `certificates` MODIFY `issued` datetime DEFAULT NULL;
 ALTER TABLE `certificates` MODIFY `expires` datetime DEFAULT NULL;
--- a/sa/_db/migrations/20150904120119_AuthzExpiresMayBeNull.sql
+++ b/sa/_db/migrations/20150904120119_AuthzExpiresMayBeNull.sql
@ -1,9 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `authz` MODIFY `expires` datetime DEFAULT NULL;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `authz` MODIFY `expires` datetime NOT NULL;
--- a/sa/_db/migrations/20150904121736_CertificateStatusNotNullManyFields.sql
+++ b/sa/_db/migrations/20150904121736_CertificateStatusNotNullManyFields.sql
@ -1,23 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `certificateStatus` MODIFY `subscriberApproved` tinyint(1) NOT NULL;
 ALTER TABLE `certificateStatus` MODIFY `status` varchar(255) NOT NULL;
 ALTER TABLE `certificateStatus` MODIFY `ocspLastUpdated` datetime NOT NULL;
 ALTER TABLE `certificateStatus` MODIFY `revokedDate` datetime NOT NULL;
 ALTER TABLE `certificateStatus` MODIFY `revokedReason` int(11) NOT NULL;
 ALTER TABLE `certificateStatus` MODIFY `lastExpirationNagSent` datetime NOT NULL;
 ALTER TABLE `certificateStatus` MODIFY `LockCol` bigint(20) NOT NULL;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `certificateStatus` MODIFY `subscriberApproved` tinyint(1) DEFAULT NULL;
 ALTER TABLE `certificateStatus` MODIFY `status` varchar(255) DEFAULT NULL;
 ALTER TABLE `certificateStatus` MODIFY `ocspLastUpdated` datetime DEFAULT NULL;
 ALTER TABLE `certificateStatus` MODIFY `revokedDate` datetime DEFAULT NULL;
 ALTER TABLE `certificateStatus` MODIFY `revokedReason` int(11) DEFAULT NULL;
 ALTER TABLE `certificateStatus` MODIFY `lastExpirationNagSent` datetime DEFAULT NULL;
 ALTER TABLE `certificateStatus` MODIFY `LockCol` bigint(20) DEFAULT NULL;
--- a/sa/_db/migrations/20150904132303_OCSPResponsesNotNullManyFields.sql
+++ b/sa/_db/migrations/20150904132303_OCSPResponsesNotNullManyFields.sql
@ -1,10 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `ocspResponses` MODIFY `response` mediumblob NOT NULL;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `ocspResponses` MODIFY `response` mediumblob DEFAULT NULL;
--- a/sa/_db/migrations/20150904143114_PendingAuthzNotNullManyFields.sql
+++ b/sa/_db/migrations/20150904143114_PendingAuthzNotNullManyFields.sql
@ -1,28 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `pending_authz` MODIFY `identifier` varchar(255) NOT NULL;
 ALTER TABLE `pending_authz` DROP FOREIGN KEY `regId_pending_authz`;
 ALTER TABLE `pending_authz` MODIFY `registrationID` bigint(20) NOT NULL;
 ALTER TABLE `pending_authz` ADD CONSTRAINT `regId_pending_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION;
 ALTER TABLE `pending_authz` MODIFY `status` varchar(255) NOT NULL;
 ALTER TABLE `pending_authz` MODIFY `combinations` varchar(255) NOT NULL;
 ALTER TABLE `pending_authz` MODIFY `LockCol` bigint(20) NOT NULL;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `pending_authz` MODIFY `identifier` varchar(255) DEFAULT NULL;
 ALTER TABLE `pending_authz` DROP FOREIGN KEY `regId_pending_authz`;
 ALTER TABLE `pending_authz` MODIFY `registrationID` bigint(20) DEFAULT NULL;
 ALTER TABLE `pending_authz` ADD CONSTRAINT `regId_pending_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION;
 ALTER TABLE `pending_authz` MODIFY `status` varchar(255) DEFAULT NULL;
 ALTER TABLE `pending_authz` MODIFY `combinations` varchar(255) DEFAULT NULL;
 ALTER TABLE `pending_authz` MODIFY `LockCol` bigint(20) DEFAULT NULL;
--- a/sa/_db/migrations/20150904144656_RenamePendingAuthz.sql
+++ b/sa/_db/migrations/20150904144656_RenamePendingAuthz.sql
@ -1,9 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 RENAME TABLE `pending_authz` to `pendingAuthorizations`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 RENAME TABLE `pendingAuthorizations` to `pending_authz`;
--- a/sa/_db/migrations/20150916173200_SCTReceipts.sql
+++ b/sa/_db/migrations/20150916173200_SCTReceipts.sql
@ -1,21 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `sctReceipts` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `sctVersion` tinyint(1) NOT NULL,
  `logID` varchar(255) NOT NULL,
  `timestamp` bigint(20) NOT NULL,
  `extensions` blob,
  `signature` blob,
  `certificateSerial` varchar(255) NOT NULL,
  `LockCol` bigint(20) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `certificateSerial_logID` (`certificateSerial`, `logID`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE `sctReceipts`;
--- a/sa/_db/migrations/20150922165824_UpdateSerialNumbersOfOldCerts.sql
+++ b/sa/_db/migrations/20150922165824_UpdateSerialNumbersOfOldCerts.sql
@ -1,15 +0,0 @@
 -- This bit of weirdness is because we had to change how long our serial ids
 -- were. Fortunately, zero padding them works fine. For some details, see
 -- https://github.com/letsencrypt/boulder/issues/834
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 UPDATE certificates SET serial = CONCAT('0000', serial) WHERE length(serial) = 32;
 UPDATE certificateStatus SET serial = CONCAT('0000', serial) WHERE length(serial) = 32;
 UPDATE ocspResponses SET serial = CONCAT('0000', serial) WHERE length(serial) = 32;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 UPDATE certificates SET serial = SUBSTR(serial, 5) WHERE length(serial) = 36 AND serial LIKE '0000%';
 UPDATE certificateStatus SET serial = SUBSTR(serial, 5) WHERE length(serial) = 36 AND serial LIKE '0000%';
 UPDATE ocspResponses SET serial = SUBSTR(serial, 5) WHERE length(serial) = 36 AND serial LIKE '0000%';
--- a/sa/_db/migrations/20150925184726_AddNamesTable.sql
+++ b/sa/_db/migrations/20150925184726_AddNamesTable.sql
@ -1,20 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `issuedNames` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  -- DNS names are restricted to the ASCII character set.
  -- 640 char limit is enforced in policy-authority.go.
  `reversedName` VARCHAR(640) CHARACTER SET ascii NOT NULL,
  `notBefore` DATETIME NOT NULL,
  `serial` VARCHAR(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `reversedName_notBefore_Idx` (`reversedName`, `notBefore`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE `issuedNames`;
--- a/sa/_db/migrations/20150929135041_AddCertificateStatusLastOCSPUpdatedIndex.sql
+++ b/sa/_db/migrations/20150929135041_AddCertificateStatusLastOCSPUpdatedIndex.sql
@ -1,10 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE INDEX `ocspLastUpdated_certificateStatus_idx` on `certificateStatus` (`ocspLastUpdated`);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP INDEX `ocspLastUpdated_certificateStatus_idx` on `certificateStatus`;
--- a/sa/_db/migrations/20151002162726_CorrectDefaultUTFCharset.sql
+++ b/sa/_db/migrations/20151002162726_CorrectDefaultUTFCharset.sql
@ -1,12 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 -- Adjust utf8mb4 is the real 4-byte UTF-8. But to fit the contact column in an
 -- index entirely, we need to adjust 255 down to 191.
 ALTER TABLE `registrations` MODIFY COLUMN contact varchar(191) CHARACTER SET utf8mb4 NOT NULL;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `registrations` MODIFY COLUMN contact varchar(255) CHARACTER SET utf8 NOT NULL;
--- a/sa/_db/migrations/20151003141825_AddKeyAuthorization.sql
+++ b/sa/_db/migrations/20151003141825_AddKeyAuthorization.sql
@ -1,12 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `challenges` ADD COLUMN (`keyAuthorization` varchar(255));
 ALTER TABLE `challenges` DROP COLUMN `validation`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `challenges` DROP COLUMN `keyAuthorization`;
 ALTER TABLE `challenges` ADD COLUMN (`validation` mediumblob);
--- a/sa/_db/migrations/20151008234926_AddInitialIPAndCreatedAt.sql
+++ b/sa/_db/migrations/20151008234926_AddInitialIPAndCreatedAt.sql
@ -1,14 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `registrations` ADD COLUMN (
  `initialIP` BINARY(16) NOT NULL DEFAULT "",
  `createdAt` DATETIME NOT NULL
 );
 CREATE INDEX `initialIP_createdAt` on `registrations` (`initialIP`, `createdAt`);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP INDEX `initialIP_createdAt` on `registrations`;
--- a/sa/_db/migrations/20151009155300_MoveOCSPResponseToCertificateStatus.sql
+++ b/sa/_db/migrations/20151009155300_MoveOCSPResponseToCertificateStatus.sql
@ -1,12 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `certificateStatus` ADD COLUMN (`ocspResponse` blob);
 CREATE INDEX `status_certificateStatus_idx` on `certificateStatus` (`status`);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP INDEX `status_certificateStatus_idx` on `certificateStatus`;
 ALTER TABLE `certificateStatus` DROP COLUMN `ocspResponse`;
--- a/sa/_db/migrations/20151015112508_ReindexPendingAuthz.sql
+++ b/sa/_db/migrations/20151015112508_ReindexPendingAuthz.sql
@ -1,12 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE INDEX `regId_expires_idx` on `pendingAuthorizations` (`registrationID`, `expires`);
 DROP INDEX `regId_idx` on `pendingAuthorizations`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 CREATE INDEX `regId_idx` on `pendingAuthorizations` (`registrationID`);
 DROP INDEX `regId_expires_idx` on `pendingAuthorizations`;
--- a/sa/_db/migrations/20151025174914_AddLatestValidAuthzIndex.sql
+++ b/sa/_db/migrations/20151025174914_AddLatestValidAuthzIndex.sql
@ -1,11 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE INDEX `registrationID_identifier_status_expires_authz_idx` on authz (`registrationID`, `identifier`, `status`, `expires` desc);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP INDEX `registrationID_identifier_status_expires_authz_idx` on `authz`;
--- a/sa/_db/migrations/20151221212759_DropOldAuthzRegIDIndex.sql
+++ b/sa/_db/migrations/20151221212759_DropOldAuthzRegIDIndex.sql
@ -1,8 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 DROP INDEX `regId_idx` ON `authz`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 CREATE INDEX `regId_idx` ON `authz` (`registrationID`);
--- a/sa/_db/migrations/20160202135920_AddFQDNSetTable.sql
+++ b/sa/_db/migrations/20160202135920_AddFQDNSetTable.sql
@ -1,20 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `fqdnSets` (
       `id` INT(11) NOT NULL AUTO_INCREMENT,
       -- SHA256 hash of alphabetically sorted, lowercased, comma joined
       -- DNS names contained in a certificate
       `setHash` BINARY(32) NOT NULL,
       `serial` VARCHAR(255) UNIQUE NOT NULL,
       `issued` DATETIME NOT NULL,
       `expires` DATETIME NOT NULL,
       PRIMARY KEY (`id`),
       KEY `setHash_issued_idx` (`setHash`, `issued`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE `fqdnSets`;
--- a/sa/_db/migrations/20160601135920_RemoveDeniedCSRs.sql
+++ b/sa/_db/migrations/20160601135920_RemoveDeniedCSRs.sql
@ -1,13 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 DROP TABLE `deniedCSRs`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 CREATE TABLE `deniedCSRs` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `names` varchar(255) NOT NULL,
  PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--- a/sa/_db/migrations/20160602142227_AddCertificatesIssuedIndex.sql
+++ b/sa/_db/migrations/20160602142227_AddCertificatesIssuedIndex.sql
@ -1,10 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `certificates` ADD INDEX `issued_idx` (`issued`);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `certificates` DROP INDEX `issued_idx`;
--- a/sa/_db/migrations/20160817143417_CertStatusOptimizations.sql
+++ b/sa/_db/migrations/20160817143417_CertStatusOptimizations.sql
@ -1,12 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `certificateStatus` ADD COLUMN `notAfter` DATETIME DEFAULT NULL;
 ALTER TABLE `certificateStatus` ADD COLUMN `isExpired` BOOL DEFAULT FALSE;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `certificateStatus` DROP COLUMN `notAfter`;
 ALTER TABLE `certificateStatus` DROP COLUMN `isExpired`;
--- a/sa/_db/migrations/20160818140745_AddRegStatus.sql
+++ b/sa/_db/migrations/20160818140745_AddRegStatus.sql
@ -1,10 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `registrations` ADD COLUMN (`status` varchar(255) DEFAULT "valid" NOT NULL);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `registrations` DROP COLUMN `status`;
--- a/sa/_db/migrations/20160914105917_RemoveChallengesAcctKeyAndTLS.sql
+++ b/sa/_db/migrations/20160914105917_RemoveChallengesAcctKeyAndTLS.sql
@ -1,17 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `challenges` DROP COLUMN `accountKey`;
 ALTER TABLE `challenges` DROP COLUMN `tls`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `challenges` ADD COLUMN (
  `accountKey` mediumBlob
 );
 ALTER TABLE `challenges` ADD COLUMN (
  `tls` tinyint(1) DEFAULT NULL
 );
--- a/sa/_db/migrations/20170718114448_DBCleanup.sql
+++ b/sa/_db/migrations/20170718114448_DBCleanup.sql
@ -1,65 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 -- externalCerts and identifierData were originally needed for PoP challenges
 -- but were never used and can safely be removed since PoP challenges were
 -- removed from the spec.
 DROP TABLE externalCerts;
 DROP TABLE identifierData;
 ALTER TABLE certificateStatus MODIFY LockCol BIGINT(20) NULL DEFAULT 0,
  MODIFY subscriberApproved tinyint(1) NULL DEFAULT 0;
 START TRANSACTION;
 ALTER TABLE certificateStatus DROP PRIMARY KEY,
 	ADD id BIGINT(20) NOT NULL AUTO_INCREMENT FIRST,
 	ADD PRIMARY KEY(id),
 	ADD UNIQUE serial (serial);
 COMMIT;
 START TRANSACTION;
 ALTER TABLE certificates DROP PRIMARY KEY,
 	ADD id BIGINT(20) NOT NULL AUTO_INCREMENT FIRST,
 	ADD PRIMARY KEY(id),
 	ADD UNIQUE serial (serial);
 COMMIT;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 CREATE TABLE `externalCerts` (
  `sha1` varchar(40) NOT NULL,
  `issuer` text,
  `subject` text,
  `notAfter` datetime DEFAULT NULL,
  `spki` blob,
  `valid` tinyint(1) DEFAULT NULL,
  `ev` tinyint(1) DEFAULT NULL,
  `rawDERCert` blob,
  UNIQUE KEY `sha1` (`sha1`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `identifierData` (
  `reversedName` varchar(255) NOT NULL,
  `certSHA1` varchar(40) NOT NULL,
  UNIQUE KEY `certSHA1` (`certSHA1`,`reversedName`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 ALTER TABLE certificateStatus MODIFY LockCol BIGINT(20) NOT NULL,
  MODIFY subscriberApproved tinyint(1) NOT NULL;
 START TRANSACTION;
 ALTER TABLE certificateStatus DROP PRIMARY KEY,
 	DROP KEY (serial),
 	ADD PRIMARY KEY(serial),
 	DROP id;
 COMMIT;
 START TRANSACTION;
 ALTER TABLE certificates DROP PRIMARY KEY,
 	DROP KEY serial,
 	ADD PRIMARY KEY(serial),
 	DROP id;
 COMMIT;
--- a/sa/_db/migrations/20170731115209_AddOrders.sql
+++ b/sa/_db/migrations/20170731115209_AddOrders.sql
@ -1,28 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE orders (
       id BIGINT(20) NOT NULL AUTO_INCREMENT,
       registrationID BIGINT(20) NOT NULL,
       expires DATETIME NOT NULL,
       csr MEDIUMBLOB NOT NULL,
       error MEDIUMBLOB DEFAULT NULL,
       certificateSerial VARCHAR(255) DEFAULT NULL,
       status VARCHAR(255) NOT NULL,
       PRIMARY KEY(id),
       -- We need an index on regID, status, expires to ensure the
       -- countPendingOrdersByRegID RPC has good performance.
       KEY reg_status_expires (registrationID, status, expires)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE orderToAuthz (
       orderID BIGINT(20) NOT NULL,
       authzID VARCHAR(255) NOT NULL,
       PRIMARY KEY order_authz (orderID, authzID),
       KEY authzID (authzID)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE orders;
 DROP TABLE orderToAuthz;
--- a/sa/_db/migrations/20171006131843_FinalizeOrder.sql
+++ b/sa/_db/migrations/20171006131843_FinalizeOrder.sql
@ -1,24 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE orders DROP COLUMN csr;
 CREATE TABLE requestedNames (
  `id` BIGINT(20) NOT NULL AUTO_INCREMENT,
  `orderID` BIGINT(20) NOT NULL,
  -- 253 is the maximum allowed DNS name length
  -- We use ASCII explicitly here since there is no expectation that un-punycode
  -- encoded unicode names will be stored
  `reversedName` varchar(253) CHARACTER SET ascii NOT NULL,
  PRIMARY KEY(id),
  KEY `orderID_idx` (`orderID`),
  KEY `reversedName_idx` (`reversedName`),
  CONSTRAINT `orderID_orders` FOREIGN KEY (`orderID`) REFERENCES `orders` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE orders ADD COLUMN csr MEDIUMBLOB NOT NULL;
 DROP TABLE requestedNames;
--- a/sa/_db/migrations/20171015225800_AddRenewalBit.sql
+++ b/sa/_db/migrations/20171015225800_AddRenewalBit.sql
@ -1,10 +0,0 @@
 -- +goose Up
 ALTER TABLE issuedNames
       ADD COLUMN renewal TINYINT(1) NOT NULL DEFAULT 0,
       ADD INDEX `reversedName_renewal_notBefore_Idx` (`reversedName`,`renewal`,`notBefore`);
 -- +goose Down
 ALTER TABLE issuedNames
       DROP COLUMN renewal,
       DROP INDEX `reversedName_renewal_notBefore_Idx`;
--- a/sa/_db/migrations/20171107160000_AddCertificateStatusIndexes.sql
+++ b/sa/_db/migrations/20171107160000_AddCertificateStatusIndexes.sql
@ -1,13 +0,0 @@
 -- +goose Up
 ALTER TABLE certificateStatus
       ADD INDEX `isExpired_ocspLastUpdated_idx` (`isExpired`, `ocspLastUpdated`),
       ADD INDEX `notAfter_idx` (`notAfter`),
       DROP INDEX `status_certificateStatus_idx`,
       DROP INDEX `ocspLastUpdated_certificateStatus_idx`;
 -- +goose Down
 ALTER TABLE certificateStatus
       DROP INDEX `isExpired_ocspLastUpdated_idx`,
       DROP INDEX `notAfter_idx`,
       ADD INDEX `ocspLastUpdated_certificateStatus_idx` (`ocspLastUpdated`),
       ADD INDEX `status_certificateStatus_idx` (`status`);
--- a/sa/_db/migrations/20171214114506_AddOrderFQDNSets.sql
+++ b/sa/_db/migrations/20171214114506_AddOrderFQDNSets.sql
@ -1,28 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE orderFqdnSets (
  id BIGINT(20) NOT NULL AUTO_INCREMENT,
  setHash BINARY(32) NOT NULL,
  orderID BIGINT(20) NOT NULL,
  registrationID BIGINT(20) NOT NULL,
  expires DATETIME NOT NULL,
  PRIMARY KEY (id),
  KEY setHash_expires_idx (setHash,expires),
  KEY orderID_idx (orderID),
  CONSTRAINT orderFqdnSets_registrationID_registrations
    FOREIGN KEY (registrationID)
    REFERENCES registrations (id)
    ON DELETE NO ACTION ON UPDATE NO ACTION,
  CONSTRAINT orderFqdnSets_orderID_orders
    FOREIGN KEY (orderID)
    REFERENCES orders (id)
    ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE `orderFqdnSets`;
--- a/sa/_db/migrations/20180124141109_DropOrderStatusField.sql
+++ b/sa/_db/migrations/20180124141109_DropOrderStatusField.sql
@ -1,12 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `orders` DROP COLUMN `status`;
 ALTER TABLE `orders` ADD COLUMN `beganProcessing` BOOL NOT NULL DEFAULT FALSE;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `orders` ADD COLUMN `status` varchar(255) NOT NULL;
 ALTER TABLE `orders` DROP COLUMN `beganProcessing`;
--- a/sa/_db/migrations/20180228165129_AddOrderCreatedField.sql
+++ b/sa/_db/migrations/20180228165129_AddOrderCreatedField.sql
@ -1,14 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `orders`
  ADD COLUMN `created` DATETIME NOT NULL,
  ADD INDEX `regID_created_idx` (`registrationID`, `created`);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `orders`
  DROP COLUMN `created`,
  DROP INDEX `regID_created_idx`;
--- a/sa/_db/migrations/20180626003200_AddPendingAuthzIndex.sql
+++ b/sa/_db/migrations/20180626003200_AddPendingAuthzIndex.sql
@ -1,18 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `pendingAuthorizations`
  ADD INDEX `identifier_registrationID_status_expires_idx` (
    `identifier`, `registrationID`, `status`, `expires`),
  ADD INDEX `registrationID_status_expires_idx` (
    `registrationID`, `status`, `expires`),
  DROP INDEX `regId_expires_idx`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `pendingAuthorizations`
  DROP INDEX `identifier_registrationID_status_expires_idx`,
  DROP INDEX `registrationID_status_expires_idx`,
  ADD INDEX `regId_expires_idx` (`registrationID`,`expires`);
--- a/sa/_db/migrations/20190101000000_AddRateLimitTable.sql
+++ b/sa/_db/migrations/20190101000000_AddRateLimitTable.sql
@ -1,15 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `certificatesPerName` (
    `id` BIGINT(20) PRIMARY KEY AUTO_INCREMENT,
    `eTLDPlusOne` VARCHAR(255) NOT NULL,
    `time` DATETIME NOT NULL,
    `count` INTEGER NOT NULL,
    UNIQUE KEY `eTLDPlusOne_time_idx` (`eTLDPlusOne`, `time`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE `certificatesPerName`;
--- a/sa/_db/migrations/20190221140139_AddAuthz2.sql
+++ b/sa/_db/migrations/20190221140139_AddAuthz2.sql
@ -1,35 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `authz2` (
    `id` BIGINT(20) PRIMARY KEY AUTO_INCREMENT,
    `identifierType` TINYINT NOT NULL,
    `identifierValue` VARCHAR(255) NOT NULL,
    `registrationID` BIGINT(20) NOT NULL,
    `status` TINYINT NOT NULL,
    `expires` DATETIME NOT NULL,
    `challenges` TINYINT NOT NULL,
    `attempted` TINYINT DEFAULT NULL,
    `attemptedAt` DATETIME DEFAULT NULL,
    `token` BINARY(32) UNIQUE NOT NULL,
    `validationError` MEDIUMBLOB DEFAULT NULL,
    `validationRecord` MEDIUMBLOB DEFAULT NULL,
    KEY `regID_expires_idx` (`registrationID`, `status`, `expires`),
    KEY `regID_identifier_status_expires_idx` (`registrationID`, `identifierType`, `identifierValue`, `status`, `expires`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `orderToAuthz2` (
    `orderID` BIGINT(20) NOT NULL,
    `authzID` BIGINT(20) NOT NULL,
    PRIMARY KEY order_authz (`orderID`, `authzID`),
    KEY `authzID` (`authzID`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE `authz2`;
 DROP TABLE `orderToAuthz2`;
--- a/sa/_db/migrations/20190524120239_AddAuthz2ExpiresIndex.sql
+++ b/sa/_db/migrations/20190524120239_AddAuthz2ExpiresIndex.sql
@ -1,8 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE INDEX `expires_idx` ON `authz2` (`expires`);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP INDEX `expires_idx` ON `authz2`;
--- a/sa/_db/migrations/20190717133458_DropSCTReceipts.sql
+++ b/sa/_db/migrations/20190717133458_DropSCTReceipts.sql
@ -1,21 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 DROP TABLE `sctReceipts`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 CREATE TABLE `sctReceipts` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `sctVersion` tinyint(1) NOT NULL,
  `logID` varchar(255) NOT NULL,
  `timestamp` bigint(20) NOT NULL,
  `extensions` blob DEFAULT NULL,
  `signature` blob DEFAULT NULL,
  `certificateSerial` varchar(255) NOT NULL,
  `LockCol` bigint(20) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `certificateSerial_logID` (`certificateSerial`,`logID`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--- a/sa/_db/migrations/20190902000000_AddPrecertificatesTable.sql
+++ b/sa/_db/migrations/20190902000000_AddPrecertificatesTable.sql
@ -1,34 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `serials` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `registrationID` bigint(20) NOT NULL,
  `serial` varchar(255) NOT NULL,
  `created` datetime NOT NULL,
  `expires` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `serial` (`serial`),
  KEY `regId_serials_idx` (`registrationID`),
  CONSTRAINT `regId_serials` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `precertificates` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `registrationID` bigint(20) NOT NULL,
  `serial` varchar(255) NOT NULL,
  `der` mediumblob NOT NULL,
  `issued` datetime NOT NULL,
  `expires` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `serial` (`serial`),
  KEY `regId_precertificates_idx` (`registrationID`),
  KEY `issued_precertificates_idx` (`issued`),
  CONSTRAINT `regId_precertificates` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE serials;
 DROP TABLE precertificates;
--- a/sa/_db/migrations/20191108171706_RemoveOldAuthzTables.sql
+++ b/sa/_db/migrations/20191108171706_RemoveOldAuthzTables.sql
@ -1,43 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 DROP TABLE `authz`;
 DROP TABLE `pendingAuthorizations`;
 DROP TABLE `orderToAuthz`;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 CREATE TABLE `authz` (
  `id` varchar(255) NOT NULL,
  `identifier` varchar(255) NOT NULL,
  `registrationID` bigint(20) NOT NULL,
  `status` varchar(255) NOT NULL,
  `expires` datetime DEFAULT NULL,
  `combinations` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `registrationID_identifier_status_expires_authz_idx` (`registrationID`,`identifier`,`status`,`expires`),
  CONSTRAINT `regId_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `pendingAuthorizations` (
  `id` varchar(255) NOT NULL,
  `identifier` varchar(255) NOT NULL,
  `registrationID` bigint(20) NOT NULL,
  `status` varchar(255) NOT NULL,
  `expires` datetime DEFAULT NULL,
  `combinations` varchar(255) NOT NULL,
  `LockCol` bigint(20) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `identifier_registrationID_status_expires_idx` (`identifier`,`registrationID`,`status`,`expires`),
  KEY `registrationID_status_expires_idx` (`registrationID`,`status`,`expires`),
  CONSTRAINT `regId_pending_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `orderToAuthz` (
  `orderID` bigint(20) NOT NULL,
  `authzID` varchar(255) NOT NULL,
  PRIMARY KEY (`orderID`,`authzID`),
  KEY `authzID` (`authzID`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--- a/sa/_db/migrations/20191111151306_AddIssuerInfoCertificateStatus.sql
+++ b/sa/_db/migrations/20191111151306_AddIssuerInfoCertificateStatus.sql
@ -1,10 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE certificateStatus ADD `issuerID` BIGINT(20) DEFAULT NULL;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE certificateStatus DROP `issuerID`;
--- a/sa/_db/migrations/20191118124728_FixFQDNSetsAndIssuedNamesID.sql
+++ b/sa/_db/migrations/20191118124728_FixFQDNSetsAndIssuedNamesID.sql
@ -1,12 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE `fqdnSets` MODIFY `id` BIGINT(20) NOT NULL AUTO_INCREMENT;
 ALTER TABLE `issuedNames` MODIFY `id` BIGINT(20) NOT NULL AUTO_INCREMENT;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE `fqdnSets` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT;
 ALTER TABLE `issuedNames` MODIFY `id` INT(11) NOT NULL AUTO_INCREMENT;
--- a/sa/_db/migrations/20191129164412_RemoveOCSPResponses.sql
+++ b/sa/_db/migrations/20191129164412_RemoveOCSPResponses.sql
@ -1,17 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 DROP TABLE ocspResponses;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 CREATE TABLE `ocspResponses` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `serial` varchar(255) NOT NULL,
  `createdAt` datetime NOT NULL,
  `response` mediumblob NOT NULL,
  PRIMARY KEY (`id`),
  KEY `SERIAL` (`serial`) COMMENT 'Actual lookup mechanism'
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--- a/sa/_db/migrations/20200407130407_AddKeyHashTable.sql
+++ b/sa/_db/migrations/20200407130407_AddKeyHashTable.sql
@ -1,18 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `keyHashToSerial` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `keyHash` binary(32) NOT NULL,
  `certNotAfter` datetime NOT NULL,
  `certSerial` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `keyHash_certNotAfter` (`keyHash`, `certNotAfter`),
  UNIQUE KEY `unique_keyHash_certserial` (`keyHash`, `certSerial`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE `keyHashToSerial`;
--- a/sa/_db/migrations/20200414124347_AddBlockedKeysTable.sql
+++ b/sa/_db/migrations/20200414124347_AddBlockedKeysTable.sql
@ -1,17 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `blockedKeys` (
    `id` bigint(20) NOT NULL AUTO_INCREMENT,
    `keyHash` binary(32) NOT NULL UNIQUE,
    `added` datetime NOT NULL,
    `source` tinyint NOT NULL,
    `comment` varchar(255) DEFAULT NULL,
    PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE `blockedKeys`;
--- a/sa/_db/migrations/20200420135619_AddRowsBlockedKeys.sql
+++ b/sa/_db/migrations/20200420135619_AddRowsBlockedKeys.sql
@ -1,14 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 ALTER TABLE blockedKeys ADD `revokedBy` BIGINT(20) DEFAULT 0;
 ALTER TABLE blockedKeys ADD `extantCertificatesChecked` BOOLEAN DEFAULT FALSE;
 CREATE INDEX `extantCertificatesChecked_idx` ON blockedKeys (`extantCertificatesChecked`);
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 ALTER TABLE blockedKeys DROP `revokedBy`;
 ALTER TABLE blockedKeys DROP `extantCertificatesChecked`;
 DROP INDEX `extantCertificatesChecked_idx` ON blockedKeys;
--- a/sa/_db/migrations/20200609125504_AddNewOrdersRateLimitTable.sql
+++ b/sa/_db/migrations/20200609125504_AddNewOrdersRateLimitTable.sql
@ -1,16 +0,0 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `newOrdersRL` (
    `id` BIGINT(20) PRIMARY KEY AUTO_INCREMENT,
    `regID` BIGINT(20) NOT NULL,
    `time` DATETIME NOT NULL,
    `count` INTEGER NOT NULL,
    UNIQUE KEY `regID_time_idx` (`regID`, `time`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 DROP TABLE `newOrdersRL`;
--- a/sa/_db/migrations/20210223140000_CombinedSchema.sql
+++ b/sa/_db/migrations/20210223140000_CombinedSchema.sql
@ -0,0 +1,237 @@
 -- +goose Up
 -- SQL in section 'Up' is executed when this migration is applied
 CREATE TABLE `authz2` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `identifierType` tinyint(4) NOT NULL,
  `identifierValue` varchar(255) NOT NULL,
  `registrationID` bigint(20) NOT NULL,
  `status` tinyint(4) NOT NULL,
  `expires` datetime NOT NULL,
  `challenges` tinyint(4) NOT NULL,
  `attempted` tinyint(4) DEFAULT NULL,
  `attemptedAt` datetime DEFAULT NULL,
  `token` binary(32) NOT NULL,
  `validationError` mediumblob DEFAULT NULL,
  `validationRecord` mediumblob DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `token` (`token`),
  KEY `regID_expires_idx` (`registrationID`,`status`,`expires`),
  KEY `regID_identifier_status_expires_idx` (`registrationID`,`identifierType`,`identifierValue`,`status`,`expires`),
  KEY `expires_idx` (`expires`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `blockedKeys` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `keyHash` binary(32) NOT NULL,
  `added` datetime NOT NULL,
  `source` tinyint(4) NOT NULL,
  `comment` varchar(255) DEFAULT NULL,
  `revokedBy` bigint(20) DEFAULT 0,
  `extantCertificatesChecked` tinyint(1) DEFAULT 0,
  PRIMARY KEY (`id`),
  UNIQUE KEY `keyHash` (`keyHash`),
  KEY `extantCertificatesChecked_idx` (`extantCertificatesChecked`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `certificateStatus` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `serial` varchar(255) NOT NULL,
  `subscriberApproved` tinyint(1) DEFAULT 0,
  `status` varchar(255) NOT NULL,
  `ocspLastUpdated` datetime NOT NULL,
  `revokedDate` datetime NOT NULL,
  `revokedReason` int(11) NOT NULL,
  `lastExpirationNagSent` datetime NOT NULL,
  `LockCol` bigint(20) DEFAULT 0,
  `ocspResponse` blob DEFAULT NULL,
  `notAfter` datetime DEFAULT NULL,
  `isExpired` tinyint(1) DEFAULT 0,
  `issuerID` bigint(20) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `serial` (`serial`),
  KEY `isExpired_ocspLastUpdated_idx` (`isExpired`,`ocspLastUpdated`),
  KEY `notAfter_idx` (`notAfter`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `certificatesPerName` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `eTLDPlusOne` varchar(255) NOT NULL,
  `time` datetime NOT NULL,
  `count` int(11) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `eTLDPlusOne_time_idx` (`eTLDPlusOne`,`time`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `crls` (
  `serial` varchar(255) NOT NULL,
  `createdAt` datetime NOT NULL,
  `crl` varchar(255) NOT NULL,
  PRIMARY KEY (`serial`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `fqdnSets` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `setHash` binary(32) NOT NULL,
  `serial` varchar(255) NOT NULL,
  `issued` datetime NOT NULL,
  `expires` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `serial` (`serial`),
  KEY `setHash_issued_idx` (`setHash`,`issued`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `issuedNames` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `reversedName` varchar(640) CHARACTER SET ascii NOT NULL,
  `notBefore` datetime NOT NULL,
  `serial` varchar(255) NOT NULL,
  `renewal` tinyint(1) NOT NULL DEFAULT 0,
  PRIMARY KEY (`id`),
  KEY `reversedName_notBefore_Idx` (`reversedName`,`notBefore`),
  KEY `reversedName_renewal_notBefore_Idx` (`reversedName`,`renewal`,`notBefore`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `keyHashToSerial` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `keyHash` binary(32) NOT NULL,
  `certNotAfter` datetime NOT NULL,
  `certSerial` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `unique_keyHash_certserial` (`keyHash`,`certSerial`),
  KEY `keyHash_certNotAfter` (`keyHash`,`certNotAfter`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `newOrdersRL` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `regID` bigint(20) NOT NULL,
  `time` datetime NOT NULL,
  `count` int(11) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `regID_time_idx` (`regID`,`time`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `orderToAuthz2` (
  `orderID` bigint(20) NOT NULL,
  `authzID` bigint(20) NOT NULL,
  PRIMARY KEY (`orderID`,`authzID`),
  KEY `authzID` (`authzID`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `orders` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `registrationID` bigint(20) NOT NULL,
  `expires` datetime NOT NULL,
  `error` mediumblob DEFAULT NULL,
  `certificateSerial` varchar(255) DEFAULT NULL,
  `beganProcessing` tinyint(1) NOT NULL DEFAULT 0,
  `created` datetime NOT NULL,
  PRIMARY KEY (`id`),
  KEY `reg_status_expires` (`registrationID`,`expires`),
  KEY `regID_created_idx` (`registrationID`,`created`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `registrations` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `jwk` mediumblob NOT NULL,
  `jwk_sha256` varchar(255) NOT NULL,
  `contact` varchar(191) CHARACTER SET utf8mb4 NOT NULL,
  `agreement` varchar(255) NOT NULL,
  `LockCol` bigint(20) NOT NULL,
  `initialIP` binary(16) NOT NULL DEFAULT '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0',
  `createdAt` datetime NOT NULL,
  `status` varchar(255) NOT NULL DEFAULT 'valid',
  PRIMARY KEY (`id`),
  UNIQUE KEY `jwk_sha256` (`jwk_sha256`),
  KEY `initialIP_createdAt` (`initialIP`,`createdAt`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- Tables below have foreign key constraints, so are created after all other tables.
 CREATE TABLE `certificates` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `registrationID` bigint(20) NOT NULL,
  `serial` varchar(255) NOT NULL,
  `digest` varchar(255) NOT NULL,
  `der` mediumblob NOT NULL,
  `issued` datetime NOT NULL,
  `expires` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `serial` (`serial`),
  KEY `regId_certificates_idx` (`registrationID`) COMMENT 'Common lookup',
  KEY `issued_idx` (`issued`),
  CONSTRAINT `regId_certificates` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `orderFqdnSets` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `setHash` binary(32) NOT NULL,
  `orderID` bigint(20) NOT NULL,
  `registrationID` bigint(20) NOT NULL,
  `expires` datetime NOT NULL,
  PRIMARY KEY (`id`),
  KEY `setHash_expires_idx` (`setHash`,`expires`),
  KEY `orderID_idx` (`orderID`),
  KEY `orderFqdnSets_registrationID_registrations` (`registrationID`),
  CONSTRAINT `orderFqdnSets_orderID_orders` FOREIGN KEY (`orderID`) REFERENCES `orders` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION,
  CONSTRAINT `orderFqdnSets_registrationID_registrations` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `precertificates` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `registrationID` bigint(20) NOT NULL,
  `serial` varchar(255) NOT NULL,
  `der` mediumblob NOT NULL,
  `issued` datetime NOT NULL,
  `expires` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `serial` (`serial`),
  KEY `regId_precertificates_idx` (`registrationID`),
  KEY `issued_precertificates_idx` (`issued`),
  CONSTRAINT `regId_precertificates` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `requestedNames` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `orderID` bigint(20) NOT NULL,
  `reversedName` varchar(253) CHARACTER SET ascii NOT NULL,
  PRIMARY KEY (`id`),
  KEY `orderID_idx` (`orderID`),
  KEY `reversedName_idx` (`reversedName`),
  CONSTRAINT `orderID_orders` FOREIGN KEY (`orderID`) REFERENCES `orders` (`id`) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 CREATE TABLE `serials` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `registrationID` bigint(20) NOT NULL,
  `serial` varchar(255) NOT NULL,
  `created` datetime NOT NULL,
  `expires` datetime NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `serial` (`serial`),
  KEY `regId_serials_idx` (`registrationID`),
  CONSTRAINT `regId_serials` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 -- +goose Down
 -- SQL section 'Down' is executed when this migration is rolled back
 -- First set of tables have foreign key constraints, so are dropped first.
 DROP TABLE `certificates`
 DROP TABLE `orderFqdnSets`
 DROP TABLE `precertificates`
 DROP TABLE `requestedNames`
 DROP TABLE `serials`
 DROP TABLE `authz2`
 DROP TABLE `blockedKeys`
 DROP TABLE `certificateStatus`
 DROP TABLE `certificatesPerName`
 DROP TABLE `crls`
 DROP TABLE `fqdnSets`
 DROP TABLE `issuedNames`
 DROP TABLE `keyHashToSerial`
 DROP TABLE `newOrdersRL`
 DROP TABLE `orderToAuthz2`
 DROP TABLE `orders`
 DROP TABLE `registrations`