Hi,

> I am a little confused by what is needed in the account_key parameter.
> 
> The docs say it is:
> 
> *File containing the Let's Encrypt account RSA key.*
> *Can be created with openssl rsa ....*
> I know when I first set up the account it generated keys in 
> /etc/letsencrypt/accounts/...
> 
> They are in a json format though:

well, the ones used by CertBot are in JSON, that is. There are many
different ACME (the Let's Encrypt protocol) clients, and some use JWK
(JSON Web Key), while others (like acme-tiny and the one integrated in
Ansible) use PEM.

> https://github.com/certbot/certbot/blob/master/tests/letstest/testdata/sample-config/accounts/acme-staging.api.letsencrypt.org/directory/48d6b9e8d767eccf7e4d877d6ffa81e3/private_key.json
> 
> I didn't think they needed to be created - perhaps an openssl export?

Either you simply create a new key, or you convert your existing key
(assuming you have one) using for example this method:
https://github.com/diafygi/acme-tiny/#use-existing-lets-encrypt-key

> what is that parameter looking for?

If you have an existing account key (say, from CertBot) and want to use
Ansible to create certificates for the same sets of domains, it's
probably best if you convert the existing key. Otherwise, creating a
new one is fine. Just keep whatever key you use secret and don't delete
it.

Best regards,
Felix
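
Added example, not part of the message above and not code from CertBot, acme-tiny or Ansible: a standard-library Python sketch of the JWK-to-PEM conversion discussed in the reply, producing a PKCS#1 "RSA PRIVATE KEY" file from the fields of an RSA JWK. The embedded key is a constructed toy value and all function names are hypothetical.

```python
import base64
import os

# Constructed toy RSA JWK (n = 61 * 53); illustration only, never a usable key.
SAMPLE_JWK = {"kty": "RSA", "n": "DKE", "e": "EQ", "d": "CsE", "p": "PQ",
              "q": "NQ", "dp": "NQ", "dq": "MQ", "qi": "Jg"}
# Order required by the PKCS#1 RSAPrivateKey structure, after the version field.
FIELDS = ("n", "e", "d", "p", "q", "dp", "dq", "qi")

def b64u_to_int(value):
    # JWK integers are unpadded base64url, big-endian.
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return int.from_bytes(raw, "big")

def der_len(length):
    # Short form below 128, otherwise long form with a length-of-length byte.
    if length < 0x80:
        return bytes([length])
    body = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(number):
    # bit_length // 8 + 1 bytes is minimal and keeps the sign bit clear.
    body = number.to_bytes(number.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def jwk_to_pkcs1_der(jwk):
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA JWK")
    missing = [name for name in FIELDS if name not in jwk]
    if missing:
        raise ValueError("not a private key, missing: " + ", ".join(missing))
    numbers = [0] + [b64u_to_int(jwk[name]) for name in FIELDS]  # 0 = version
    if numbers[1] != numbers[4] * numbers[5]:
        raise ValueError("n does not equal p * q; key file is damaged")
    body = b"".join(der_int(n) for n in numbers)
    return b"\x30" + der_len(len(body)) + body

def der_to_pem(der):
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN RSA PRIVATE KEY-----\n" + "\n".join(lines)
            + "\n-----END RSA PRIVATE KEY-----\n")

def write_private(path, pem):
    # O_EXCL refuses to overwrite; 0o600 keeps the key readable by its owner only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(pem)
```

For a real account key, load the JSON file with `json.load` and pass the resulting dict to `jwk_to_pkcs1_der`.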
