Hello -
I am a little confused by what is needed in the account_key parameter.
The docs say it is:
File containing the Let’s Encrypt account RSA key.
Can be created with openssl rsa ...
I know when I first set up the account it generated keys in /etc/letsencrypt/accounts/…
They are in a json format though:
https://github.com/certbot/certbot/blob/master/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/private_key.json
I didn't think they needed to be created - perhaps an openssl export?
What is that parameter looking for?
Thanks
Michael
Hi,
> I am a little confused by what is needed in the account_key parameter.
> The docs say it is:
> *File containing the Let's Encrypt account RSA key.*
> *Can be created with openssl rsa ....*
> I know when I first set up the account it generated keys in
> /etc/letsencrypt/accounts/...
> They are in a json format though:
well, the ones used by CertBot are in JSON, that is. There are many
different ACME (the Let's Encrypt protocol) clients, and some use JWK
(JSON Web Key), while others (like acme-tiny and the one integrated in
Ansible) use PEM.
> https://github.com/certbot/certbot/blob/master/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/private_key.json
> I didn't think they needed to be created - perhaps an openssl export?
Either you simply create a new key, or you convert your existing key
(assuming you have one) using for example this method:
https://github.com/diafygi/acme-tiny/#use-existing-lets-encrypt-key
> What is that parameter looking for?
If you have an existing account key (say, from CertBot) and want to use
Ansible to create certificates for the same sets of domains, it's
probably best if you convert the existing key. Otherwise, creating a
new one is fine. Just keep whatever key you use secret and don't delete
it.
Best regards,
Felix
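
The JWK-to-PEM conversion discussed in this thread, as an added Python example (not code from the thread, Certbot, acme-tiny or Ansible): it re-encodes an RSA private JWK as a PKCS#1 PEM key and checks the key for consistency first. It assumes private_key.json carries the standard RFC 7518 RSA members; the function names and the toy sample key are constructed for illustration.

```python
import base64, json, os

# RSA private-key members of a JWK (RFC 7518), in PKCS#1 RSAPrivateKey order.
FIELDS = ("n", "e", "d", "p", "q", "dp", "dq", "qi")

def b64url_to_int(text):
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))  # JWK drops padding
    return int.from_bytes(raw, "big")

def int_to_b64url(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(value):
    # The extra leading byte keeps the INTEGER positive when the top bit is set.
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def jwk_to_pkcs1_der(jwk):
    if jwk.get("kty") != "RSA" or any(f not in jwk for f in FIELDS):
        raise ValueError("not an RSA private JWK with CRT parameters")
    n, e, d, p, q, dp, dq, qi = (b64url_to_int(jwk[f]) for f in FIELDS)
    # Reject a damaged or mismatched key before it is written anywhere.
    if n != p * q or e * dp % (p - 1) != 1 or e * dq % (q - 1) != 1 or q * qi % p != 1:
        raise ValueError("JWK members are not a consistent RSA key")
    body = der_int(0) + b"".join(der_int(v) for v in (n, e, d, p, q, dp, dq, qi))
    return b"\x30" + der_len(len(body)) + body

def der_to_pem(der):
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN RSA PRIVATE KEY-----\n" + "\n".join(lines) + "\n-----END RSA PRIVATE KEY-----\n"

def write_private(path, pem):
    # O_EXCL refuses to overwrite an existing key; 0o600 keeps it owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(pem)

# Constructed toy key (p=61, q=53), far too small for real use; it only exercises the code.
SAMPLE_JWK = json.dumps({"kty": "RSA", **{k: int_to_b64url(v) for k, v in zip(
    FIELDS, (3233, 17, 2753, 61, 53, 53, 49, 38))}})

if __name__ == "__main__":
    print(der_to_pem(jwk_to_pkcs1_der(json.loads(SAMPLE_JWK))), end="")
```

The PEM file written this way is the same account identity as the JWK it came from, so it needs the same protection as the original.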