The Internet of Things (IoT) connects everyday devices and generates real-time data that have greatly prompted business and life efficiency. The integration of IoT and blockchain has made IoT data management and storage more trustworthy. However, despite the immutability property contributes a lot to the trustable reputation of blockchain-based IoT systems, from a data processing perspective, it is desired to achieve skillful and secure blockchain rewriting for scenarios such as device data sharing. Existing blockchain rewriting solutions usually rely on centralized modifiers where the rewriting power is difficult to control or withdraw. In this article, we propose a new auditable redactable blockchain (RB) scheme named ACHR that supports self-management and mandatory revocation of the rewriting privilege. The scheme allows user devices to rewrite their blockchain transactions under strict auditing to ensure content security. To prevent centralization or rewriting power abuses, the revocation trapdoor can be computed compulsorily by an auditor when a redaction is published to the blockchain. We introduce a generic construction and an instantiation of the ACHR scheme for building the RB and prove its security. We provide a prototype implementation to demonstrate that our scheme is effective and efficient compared to the traditional blockchain-IoT system with immutability.