From e084c0e36a70e3d38ef888926bb75fbd37e85d4c Mon Sep 17 00:00:00 2001
From: rsiddharth <s@ricketyspace.net>
Date: Mon, 3 Feb 2020 17:32:44 -0500
Subject: README.md: Update introduction.

The ACME v2 of the sign_csr.py and revoke_crt.py require the user
account private key.
---
 README.md | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 8b314dc..4b8d939 100644
--- a/README.md
+++ b/README.md
@@ -16,12 +16,10 @@ it signed. The script goes through the [ACME protocol](https://github.com/ietf-w
 with the Let's Encrypt certificate authority and outputs the signed certificate
 to stdout.
 
-This script doesn't know or ask for your private key, and it doesn't need to be
-run on your server. There are some parts of the ACME protocol that require your
-private key and access to your server. For those parts, this script prints out
-very minimal commands for you to run to complete the requirements. There is only
-one command that needs to be run as root on your server and it is a very simple
-python https server that you can inspect for yourself before you run it.
+This script is meant to be run on your computer locally. It requires you to pass
+your account private key. If the account private key is encrypted, openssl will
+directly ask for the passphrase each time the private key is needed to sign
+requests or data.
 
 ## Table of Contents
 
-- 
cgit v1.2.3