summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorrsiddharth <s@ricketyspace.net>2020-02-03 17:32:44 -0500
committerrsiddharth <s@ricketyspace.net>2020-02-03 17:32:44 -0500
commite084c0e36a70e3d38ef888926bb75fbd37e85d4c (patch)
tree830a8190d6f8e8e6b441d02061f3c09f6ae8ac98
parent2970792bc8d3c83bf75e13d8948a3392d18a5777 (diff)
README.md: Update introduction.
The ACME v2 of the sign_csr.py and revoke_crt.py require the user account private key.
-rw-r--r--README.md10
1 files changed, 4 insertions, 6 deletions
diff --git a/README.md b/README.md
index 8b314dc..4b8d939 100644
--- a/README.md
+++ b/README.md
@@ -16,12 +16,10 @@ it signed. The script goes through the [ACME protocol](https://github.com/ietf-w
with the Let's Encrypt certificate authority and outputs the signed certificate
to stdout.
-This script doesn't know or ask for your private key, and it doesn't need to be
-run on your server. There are some parts of the ACME protocol that require your
-private key and access to your server. For those parts, this script prints out
-very minimal commands for you to run to complete the requirements. There is only
-one command that needs to be run as root on your server and it is a very simple
-python https server that you can inspect for yourself before you run it.
+This script is meant to be run on your computer locally. It requires you to pass
+your account private key. If the account private key is encrypted, openssl will
+directly ask for the passphrase each time the private key is needed to sign
+requests or data.
## Table of Contents