letsencrypt module - account_key


Michael Bubb

Feb 13, 2018, 6:06:29 PM
to Ansible Project
Hello -

I am a little confused by what is needed in the account_key parameter.

The docs say it is:

File containing the Let's Encrypt account RSA key.
Can be created with openssl rsa ....
I know when I first set up the account it generated keys in /etc/letsencrypt/accounts/...

They are in a json format though:


I didn't think they needed to be created - perhaps an openssl export?

What is that parameter looking for?


thanks


Michael

Felix Fontein

Feb 14, 2018, 3:31:06 AM
to ansible...@googlegroups.com
Hi,

> I am a little confused by what is needed in the account_key parameter.
>
> The docs say it is:
>
> *File containing the Let's Encrypt account RSA key.*
> *Can be created with openssl rsa ....*
> I know when I first set up the account it generated keys in
> /etc/letsencrypt/accounts/...
>
> They are in a json format though:

well, the ones used by CertBot are in JSON, that is. There are many
different ACME (the Let's Encrypt protocol) clients, and some use JWK
(JSON Web Key), while others (like acme-tiny and the one integrated in
Ansible) use PEM.
Either you simply create a new key, or you convert your existing key
(assuming you have one) using for example this method:
https://github.com/diafygi/acme-tiny/#use-existing-lets-encrypt-key

> what is that parameter looking for?

If you have an existing account key (say, from CertBot) and want to use
Ansible to create certificates for the same sets of domains, it's
probably best if you convert the existing key. Otherwise, creating a
new one is fine. Just keep whatever key you use secret and don't delete
it.

Best regards,
Felix
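
An added example (not part of the thread, and not code from Ansible, CertBot or acme-tiny): the JWK-to-PEM conversion discussed above, done with the Python standard library by building the PKCS#1 DER directly instead of calling openssl. It assumes the JSON key carries the standard RSA private JWK fields (`n`, `e`, `d`, `p`, `q`, `dp`, `dq`, `qi`); the function names are hypothetical and the sample key is a constructed toy value.

```python
import base64
import json
import os

def b64u_int(s):
    """Decode an unpadded base64url JWK field into an integer."""
    return int.from_bytes(base64.urlsafe_b64decode(s + "=" * (-len(s) % 4)), "big")

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def der_int(v):
    """DER INTEGER; the spare leading bits keep a set high bit from reading as negative."""
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(raw)) + raw

def jwk_to_der(jwk):
    """PKCS#1 RSAPrivateKey: SEQUENCE { version 0, n, e, d, p, q, dp, dq, qi }."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA JWK")
    vals = [b64u_int(jwk[k]) for k in ("n", "e", "d", "p", "q", "dp", "dq", "qi")]
    if vals[3] * vals[4] != vals[0]:  # p * q must equal n
        raise ValueError("inconsistent key: p*q != n")
    body = der_int(0) + b"".join(der_int(v) for v in vals)
    return b"\x30" + der_len(len(body)) + body

def jwk_to_pem(jwk):
    """Wrap the DER in the 'RSA PRIVATE KEY' PEM armor with 64-character lines."""
    b64 = base64.b64encode(jwk_to_der(jwk)).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN RSA PRIVATE KEY-----\n" + "\n".join(lines) + "\n-----END RSA PRIVATE KEY-----\n"

def write_pem(jwk, path):
    """Create the PEM file owner-only (0600) and refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(jwk_to_pem(jwk))

# Constructed toy key (p=61, q=53): far too small for real use, it only exercises the encoder.
SAMPLE_JWK = json.loads(
    '{"kty":"RSA","n":"DKE","e":"EQ","d":"CsE",'
    '"p":"PQ","q":"NQ","dp":"NQ","dq":"MQ","qi":"Jg"}')

if __name__ == "__main__":
    print(jwk_to_pem(SAMPLE_JWK))
```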

Michael Bubb

Feb 15, 2018, 1:18:39 PM
to Ansible Project
Thank you