Bug: Certbot ignores custom private key files

I am.

The label to this thread seems misleading…
Are you talking about the account key or the certificate private key?

Account.

Then I am confused…
Your opening statements, as well as more recent ones, refer to keys related to CSRs.
But Account keys have nothing to do with generating CSRs.
[unless I am completely mistaken]

You are not mistaken.

Then both (the label and the content of this topic/thread) are misleading/confusing.

Well, the thread title isn’t necessarily misleading–he’s wanting to feed a specified account private key into certbot. He’s somehow read the certbot docs to suggest that the --key-path flag is the way to do that. That’s an incorrect reading, of course:

  --key-path KEY_PATH   Path to private key for certificate installation or
                        revocation (if account key is missing) (default: None)

…but that seems to have been the thought process. And, in fairness to OP, the certbot docs aren’t very clear on the distinction between the account private key and the certificate private key (I’d expect this is because it’s an extremely rare case where a user needs to give any thought at all to the account private key).

The confusion was increased by OP’s reference to a CSR, which isn’t related in any way at all to an account private key.

You (and I) know this.
But what do readers read in this topic/thread?
What do they get, or think, from it?
The record needs to be set straight.
We should maybe rephrase the title (I don’t see a BUG) and properly answer the question:
Can an account “key” be easily reused/transferred to another certbot system?
If so, how?
