Use existing private key as an account key


#1

Hi All,

How can I use my existing private key as an account key for signing the ACME requests in Certbot?

What should the command look like?

Thanks for your time.


#2

Account keys and private keys are different and have separate purposes,
and it makes little sense to use your private key for any other purpose.
If you want to know how to use your own private key…
I believe the parameter is
--csr-key your.private.key


#3

Let’s Encrypt actively forbids using the same keypair as an account key and as a subject key in a certificate, so you won’t be able to do that. But if you’ve pre-generated a particular key that you happen to want to serve as your account key, that wouldn’t be forbidden by policy.

I don’t know for sure whether any current client supports importing rather than generating an account key, so I anticipate you’ll need to dig into the code of current clients and potentially modify it to do what you want.

I guess that the ZeroSSL and gethttpsforfree web clients do require users to deal with account keys explicitly, and there’s le.pl which is the basis for ZeroSSL, so that might be one option.


#4

How can I do the same with Certbot by passing the existing account key?

I need to pass two separate keys to Certbot. One is for the account key, while the other is for CSR signing.


#5

Importing an existing private key into Certbot for use as the account key is not currently well-supported, but you might be able to achieve it by studying the file formats for the /etc/letsencrypt/accounts directory and trying to replicate it.

We might be better able to help you if you tell us more about what you are trying to accomplish. Why do you need to import an already-existing private key as your account key, rather than allowing Certbot to generate one for you automatically?
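
Added example (not part of any reply in this thread, and not Certbot code): a pre-flight check for the rule in reply #3 that the account key and the certificate's key must be different key pairs, for the two-key setup asked about in reply #4. It assumes the OpenSSL command-line tool and unencrypted PEM input; the function names and file names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: confirm that an intended ACME account key and the key behind
# a certificate request are different key pairs, by comparing SHA-256
# fingerprints of their DER-encoded public keys (SubjectPublicKeyInfo).

# Print the public-key fingerprint of a PEM private key or a PEM CSR.
pubkey_fp() {
    local file=$1 pub
    if pub=$(openssl pkey -in "$file" -pubout 2>/dev/null); then
        :   # input was a private key
    elif pub=$(openssl req -in "$file" -noout -pubkey 2>/dev/null); then
        :   # input was a certificate signing request
    else
        echo "cannot read a key or CSR from $file" >&2
        return 2
    fi
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r \
        | cut -d' ' -f1
}

# Exit status: 0 = distinct key pairs, 1 = same key pair, 2 = unreadable input.
keys_are_distinct() {
    local a b
    a=$(pubkey_fp "$1") || return 2
    b=$(pubkey_fp "$2") || return 2
    [ "$a" != "$b" ]
}

# Script usage (hypothetical file names): ./check.sh account.pem request.csr
if [ "$#" -eq 2 ]; then
    if keys_are_distinct "$1" "$2"; then
        echo "OK: account key and certificate key are distinct"
    else
        echo "STOP: same key pair, or an input could not be read" >&2
        exit 1
    fi
fi
```

Either argument may be a private key or a CSR, so the check also works when only the CSR for the certificate is at hand.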

