author: rsiddharth <s@ricketyspace.net> 2020-02-09 14:52:22 -0500
committer: rsiddharth <s@ricketyspace.net> 2020-02-09 14:52:22 -0500
commit: 1f806b8137526c425598af4fd334aa73503c23aa
tree: 53fd1840a5b99eb3314ed27bce2f39f3f9f71d48
parent: e10ea0abd81a7ec0cefcfd8fbb9c6d61f793b55f
README.md: Update 'How to use the revocation script' section.
-rw-r--r-- README.md 40
1 files changed, 10 insertions, 30 deletions
diff --git a/README.md b/README.md
index 1085793..7fe598a 100644
--- a/README.md
+++ b/README.md
@@ -317,47 +317,27 @@ Second, you will need the PEM encoded signed certificate that was produced by
`sign_csr.py`.
Third, you run the script using python and passing in the path to your user
-account public key and the signed domain certificate. The paths can be relative
-or absolute. If you wish to give the script access to your user private key, it
-can accept that as an optional argument.
+account key and the signed domain certificate. The paths can be relative or
+absolute.
```sh
-python3 revoke_crt.py --public-key user.pub domain.crt
+python3 revoke_crt.py -k user.key domain.crt
```
-When you run the script, it will ask you do one manual signature. It has to ask you
-to do these because it doesn't know your private key. You can edit the manual
-commands to fit your situation (e.g. if your private key is in a different
-location).
-
-NOTE: When the script asks you to run these manual commands, you need to run
-them in a separate terminal window. You need to keep the script open while you
-run them. They sign temporary test files that the script created, so if you exit
-or continue the script before you run the commands, those test files will be
-destroyed before they can be used correctly (and you'll have to run the script
-again).
-
-The `*.json` and `*.sig` files are temporary files automatically generated by
-the script and will be destroyed when the script stops. They only contain the
-protocol requests and signatures. They do NOT contain your private keys
-because this script does not have access to your private keys.
-
### Help text
```
user@hostname:~$ python3 revoke_crt.py --help
-usage: revoke_crt.py [-h] -p PUBLIC_KEY [-r PRIVATE_KEY] crt_path
+usage: revoke_crt.py [-h] -k ACCOUNT_KEY crt_path
-Get a SSL certificate revoked by a Let's Encrypt (ACME) certificate authority.
-You do NOT need to run this script on your server and this script does not ask
-for your private keys. It will print out commands that you need to run with
-your private key, which gives you a chance to review the commands instead of
-trusting this script.
+Get a SSL certificate revoked by a Let's Encrypt (ACME) certificate
+authority. You do NOT need to run this script on your server, it is
+meant to be run on your computer.
NOTE: YOUR PUBLIC KEY NEEDS TO BE THE SAME KEY USED TO ISSUE THE CERTIFICATE.
Prerequisites:
* openssl
-* python3
+* python 3
Example:
--------------
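Review bot: The unchanged help-text line `NOTE: YOUR PUBLIC KEY NEEDS TO BE THE SAME KEY USED TO ISSUE THE CERTIFICATE.` is stale now that the usage line reads `-k ACCOUNT_KEY` and no public key is passed; reword it to refer to the account key. The new prose also says only "account key", while the paragraphs removed here were the ones telling the reader that the script has no access to private keys. With the manual signature step gone and the key file handed to the script, the README should say explicitly that `user.key` is the account private key and that the script reads it, so a reader coming from the old instructions sees that the trust model changed and can review the script before running it.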
@@ -369,8 +349,8 @@ positional arguments:
optional arguments:
-h, --help show this help message and exit
- -p PUBLIC_KEY, --public-key PUBLIC_KEY
- path to your account public key
+ -k ACCOUNT_KEY, --account-key ACCOUNT_KEY
+ path to your Let's Encrypt account private key
user@hostname:~$
```
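Review bot: The help-text lines between the `Example:` separator and `optional arguments:` are not touched by this commit (the first hunk ends at new line 343 and this one starts at 349), so whatever invocation is shown there still reflects the old interface; confirm it does not use `--public-key` and re-paste the full `--help` output if it does. Separately, `-k ACCOUNT_KEY` appears without brackets in the usage line, meaning it is required, yet it is listed under `optional arguments:`; a "required arguments" group in the script would make the pasted help text match.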