letsencrypt
diff --git a/‎ra/proto/ra.pb.go
+291-225 b/‎ra/proto/ra.pb.go
+291-225
diff --git a/‎ra/proto/ra.proto
+5-1 b/‎ra/proto/ra.proto
+5-1
diff --git a/‎ra/proto/ra_grpc.pb.go
+26-26 b/‎ra/proto/ra_grpc.pb.go
+26-26
diff --git a/‎ra/ra.go
+5-11 b/‎ra/ra.go
+5-11
diff --git a/‎ra/ra_test.go
+3-8 b/‎ra/ra_test.go
+3-8
@@ -11,8 +11,8 @@ service RegistrationAuthority {
   rpc NewRegistration(core.Registration) returns (core.Registration) {}
   rpc UpdateRegistrationContact(UpdateRegistrationContactRequest) returns (core.Registration) {}
   rpc UpdateRegistrationKey(UpdateRegistrationKeyRequest) returns (core.Registration) {}
+  rpc DeactivateRegistration(DeactivateRegistrationRequest) returns (core.Registration) {}
   rpc PerformValidation(PerformValidationRequest) returns (core.Authorization) {}
-  rpc DeactivateRegistration(core.Registration) returns (google.protobuf.Empty) {}
   rpc DeactivateAuthorization(core.Authorization) returns (google.protobuf.Empty) {}
   rpc RevokeCertByApplicant(RevokeCertByApplicantRequest) returns (google.protobuf.Empty) {}
   rpc RevokeCertByKey(RevokeCertByKeyRequest) returns (google.protobuf.Empty) {}
@@ -51,6 +51,10 @@ message UpdateRegistrationKeyRequest {
   bytes jwk = 2;
 }
 
+message DeactivateRegistrationRequest {
+  int64 registrationID = 1;
+}
+
 message UpdateAuthorizationRequest {
   core.Authorization authz = 1;
   int64 challengeIndex = 2;
 
@@ -2171,23 +2171,17 @@ func (ra *RegistrationAuthorityImpl) AdministrativelyRevokeCertificate(ctx conte
 }
 
 // DeactivateRegistration deactivates a valid registration
-func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, reg *corepb.Registration) (*emptypb.Empty, error) {
-	if reg == nil || reg.Id == 0 {
+func (ra *RegistrationAuthorityImpl) DeactivateRegistration(ctx context.Context, req *rapb.DeactivateRegistrationRequest) (*corepb.Registration, error) {
+	if req == nil || req.RegistrationID == 0 {
 		return nil, errIncompleteGRPCRequest
 	}
-	// TODO(#5554): Remove this check: this is only enforcing that the WFE has
-	// told us the correct status. The SA will enforce that the current status is
-	// valid during its database update.
-	if reg.Status != string(core.StatusValid) {
-		return nil, berrors.MalformedError("only valid registrations can be deactivated")
-	}
-	_, err := ra.SA.DeactivateRegistration(ctx, &sapb.RegistrationID{Id: reg.Id})
+
+	updatedAcct, err := ra.SA.DeactivateRegistration(ctx, &sapb.RegistrationID{Id: req.RegistrationID})
 	if err != nil {
 		return nil, err
 	}
 
-	// TODO(#5554): Return the updated account object.
-	return &emptypb.Empty{}, nil
+	return updatedAcct, nil
 }
 
 // DeactivateAuthorization deactivates a currently valid authorization
 
@@ -988,18 +988,13 @@ func TestDeactivateRegistration(t *testing.T) {
 	defer cleanUp()
 
 	// Deactivate failure because incomplete registration provided
-	_, err := ra.DeactivateRegistration(context.Background(), &corepb.Registration{})
+	_, err := ra.DeactivateRegistration(context.Background(), &rapb.DeactivateRegistrationRequest{})
 	test.AssertDeepEquals(t, err, fmt.Errorf("incomplete gRPC request message"))
 
-	// Deactivate failure because registration status already deactivated
-	_, err = ra.DeactivateRegistration(context.Background(),
-		&corepb.Registration{Id: 1, Status: string(core.StatusDeactivated)})
-	test.AssertError(t, err, "DeactivateRegistration failed with a non-valid registration")
-
 	// Deactivate success with valid registration
-	_, err = ra.DeactivateRegistration(context.Background(),
-		&corepb.Registration{Id: 1, Status: string(core.StatusValid)})
+	got, err := ra.DeactivateRegistration(context.Background(), &rapb.DeactivateRegistrationRequest{RegistrationID: 1})
 	test.AssertNotError(t, err, "DeactivateRegistration failed")
+	test.AssertEquals(t, got.Status, string(core.StatusDeactivated))
 
 	// Check db to make sure account is deactivated
 	dbReg, err := ra.SA.GetRegistration(context.Background(), &sapb.RegistrationID{Id: 1})