Bug: Certbot ignores custom private key files

I am.

20char20char20char

The label to this thread seems misleadingā€¦
Are you talking about the account key or the certificate private key?

Account.

20char20char

Then I am confusedā€¦
Your opening statements, as well as more recent ones, refer to keys related to CSRs.
But Account keys have nothing to do with generating CSRs.
[unless I am completely mistaken]

You are not mistaken.

Then both (the label and the content of this topic/thread) are misleading/confusing.

Well, the thread title isnā€™t necessarily misleadingā€“heā€™s wanting to feed a specified account private key into certbot. Heā€™s somehow read the certbot docs to suggest that the --key-path flag is the way to do that. Thatā€™s an incorrect reading, of course:

 --key-path KEY_PATH   Path to private key for certificate installation or
                        revocation (if account key is missing) (default: None)

ā€¦but that seems to have been the thought process. And, in fairness to OP, the certbot docs arenā€™t very clear on the distinction between the account private key and the certificate private key (Iā€™d expect this is because itā€™s an extremely rare case where a user needs to give any thought at all to the account private key).

The confusion was increased by OPā€™s reference to a CSR, which isnā€™t related in any way at all to an account private key.

You (and I) know this.
But what do readers read in this topic/thread?
What do they get, or think, from it?
The record needs to be set straight.
We should maybe rephrase the title (I donā€™t see a BUG) and properly answer the question:
Can an account ā€œkeyā€ be easily reused/transferred to another certbot system?
If so, how?

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.