From 1f806b8137526c425598af4fd334aa73503c23aa Mon Sep 17 00:00:00 2001 From: rsiddharth Date: Sun, 9 Feb 2020 14:52:22 -0500 Subject: README.md: Update 'How to use the revocation script' section. --- README.md | 40 ++++++++++------------------------------ 1 file changed, 10 insertions(+), 30 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 1085793..7fe598a 100644 --- a/README.md +++ b/README.md 
@@ -317,47 +317,27 @@ Second, you will need the PEM encoded signed certificate that was produced by `sign_csr.py`. Third, you run the script using python and passing in the path to your user -account public key and the signed domain certificate. The paths can be relative -or absolute. If you wish to give the script access to your user private key, it -can accept that as an optional argument. +account key and the signed domain certificate. The paths can be relative or +absolute. ```sh -python3 revoke_crt.py --public-key user.pub domain.crt +python3 revoke_crt.py -k user.key domain.crt ``` -When you run the script, it will ask you do one manual signature. It has to ask you -to do these because it doesn't know your private key. You can edit the manual -commands to fit your situation (e.g. if your private key is in a different -location). - -NOTE: When the script asks you to run these manual commands, you need to run -them in a separate terminal window. You need to keep the script open while you -run them. They sign temporary test files that the script created, so if you exit -or continue the script before you run the commands, those test files will be -destroyed before they can be used correctly (and you'll have to run the script -again). - -The `*.json` and `*.sig` files are temporary files automatically generated by -the script and will be destroyed when the script stops. They only contain the -protocol requests and signatures. They do NOT contain your private keys -because this script does not have access to your private keys. - ### Help text ``` user@hostname:~$ python3 revoke_crt.py --help -usage: revoke_crt.py [-h] -p PUBLIC_KEY [-r PRIVATE_KEY] crt_path +usage: revoke_crt.py [-h] -k ACCOUNT_KEY crt_path -Get a SSL certificate revoked by a Let's Encrypt (ACME) certificate authority. -You do NOT need to run this script on your server and this script does not ask -for your private keys. 
It will print out commands that you need to run with -your private key, which gives you a chance to review the commands instead of -trusting this script. +Get a SSL certificate revoked by a Let's Encrypt (ACME) certificate +authority. You do NOT need to run this script on your server, it is +meant to be run on your computer. NOTE: YOUR PUBLIC KEY NEEDS TO BE THE SAME KEY USED TO ISSUE THE CERTIFICATE. Prerequisites: * openssl -* python3 +* python 3 Example: -------------- @@ -369,8 +349,8 @@ positional arguments: optional arguments: -h, --help show this help message and exit - -p PUBLIC_KEY, --public-key PUBLIC_KEY - path to your account public key + -k ACCOUNT_KEY, --account-key ACCOUNT_KEY + path to your Let's Encrypt account private key user@hostname:~$ ``` -- cgit v1.2.3
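Review bot: In the first hunk (@@ -317), the unchanged help-text line "NOTE: YOUR PUBLIC KEY NEEDS TO BE THE SAME KEY USED TO ISSUE THE CERTIFICATE." still says "PUBLIC KEY". The usage line above it now reads `-k ACCOUNT_KEY`, so the note should be reworded to refer to the account key. The new prose says only "account key", while the option help calls it the "account private key". Say "private key" in the prose as well. The hunk also deletes the statements that the script "does not ask for your private keys" and that the temporary files do NOT contain them, and nothing replaces them. Add one sentence stating that the script now reads the account private key itself, so readers know the trust model changed. Minor: "python 3" in Prerequisites is inconsistent with the `python3` command used in the example, and "You do NOT need to run this script on your server, it is meant to be run on your computer." is a comma splice.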
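Review bot: In the second hunk (@@ -369), the documented option changes from `-p PUBLIC_KEY, --public-key` to `-k ACCOUNT_KEY, --account-key`, and the usage line no longer lists `-r PRIVATE_KEY`. Neither the README text nor the commit subject mentions that the old flags are gone. A reader following the earlier README with `--public-key user.pub` gets no hint of why that invocation no longer matches the help text. Add a short line under the usage example noting that `-k` takes the place of the previous public-key and optional private-key arguments.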