author | rsiddharth <s@ricketyspace.net> | 2020-02-09 14:52:22 -0500 |
---|---|---|
committer | rsiddharth <s@ricketyspace.net> | 2020-02-09 14:52:22 -0500 |
commit | 1f806b8137526c425598af4fd334aa73503c23aa (patch) | |
tree | 53fd1840a5b99eb3314ed27bce2f39f3f9f71d48 /README.md | |
parent | e10ea0abd81a7ec0cefcfd8fbb9c6d61f793b55f (diff) |
README.md: Update 'How to use the revocation script' section.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 40 |
1 files changed, 10 insertions, 30 deletions
@@ -317,47 +317,27 @@ Second, you will need the PEM encoded signed certificate that was produced by `sign_csr.py`. Third, you run the script using python and passing in the path to your user -account public key and the signed domain certificate. The paths can be relative -or absolute. If you wish to give the script access to your user private key, it -can accept that as an optional argument. +account key and the signed domain certificate. The paths can be relative or +absolute. ```sh -python3 revoke_crt.py --public-key user.pub domain.crt +python3 revoke_crt.py -k user.key domain.crt ``` -When you run the script, it will ask you do one manual signature. It has to ask you -to do these because it doesn't know your private key. You can edit the manual -commands to fit your situation (e.g. if your private key is in a different -location). - -NOTE: When the script asks you to run these manual commands, you need to run -them in a separate terminal window. You need to keep the script open while you -run them. They sign temporary test files that the script created, so if you exit -or continue the script before you run the commands, those test files will be -destroyed before they can be used correctly (and you'll have to run the script -again). - -The `*.json` and `*.sig` files are temporary files automatically generated by -the script and will be destroyed when the script stops. They only contain the -protocol requests and signatures. They do NOT contain your private keys -because this script does not have access to your private keys. - ### Help text ``` user@hostname:~$ python3 revoke_crt.py --help -usage: revoke_crt.py [-h] -p PUBLIC_KEY [-r PRIVATE_KEY] crt_path +usage: revoke_crt.py [-h] -k ACCOUNT_KEY crt_path -Get a SSL certificate revoked by a Let's Encrypt (ACME) certificate authority. -You do NOT need to run this script on your server and this script does not ask -for your private keys. 
It will print out commands that you need to run with -your private key, which gives you a chance to review the commands instead of -trusting this script. +Get a SSL certificate revoked by a Let's Encrypt (ACME) certificate +authority. You do NOT need to run this script on your server, it is +meant to be run on your computer. NOTE: YOUR PUBLIC KEY NEEDS TO BE THE SAME KEY USED TO ISSUE THE CERTIFICATE. Prerequisites: * openssl -* python3 +* python 3 Example: -------------- @@ -369,8 +349,8 @@ positional arguments: optional arguments: -h, --help show this help message and exit - -p PUBLIC_KEY, --public-key PUBLIC_KEY - path to your account public key + -k ACCOUNT_KEY, --account-key ACCOUNT_KEY + path to your Let's Encrypt account private key user@hostname:~$ ``` |
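Review bot: The help text in the first hunk keeps the unchanged line "NOTE: YOUR PUBLIC KEY NEEDS TO BE THE SAME KEY USED TO ISSUE THE CERTIFICATE.", which no longer matches an interface that takes `-k ACCOUNT_KEY` instead of `--public-key`; it should refer to the account key. The same hunk deletes the paragraphs stating that the script "does not have access to your private keys" and leaves only the words "account key" in the usage prose. Since that reverses what the README previously promised, the usage section should say outright that `revoke_crt.py` now reads the account private key itself, rather than leaving readers to infer it from the option description further down.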
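Review bot: In the second hunk, `-k ACCOUNT_KEY, --account-key ACCOUNT_KEY` sits under "optional arguments:", while the usage line in the first hunk shows `-k ACCOUNT_KEY` without brackets, meaning it is required. Adding "(required)" to the description "path to your Let's Encrypt account private key" would spare readers from having to compare the two. This description is also the only place in the change that names the key as the private key, so the README prose should use the same wording.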