|
|
|
|
|
|
by tialaramex
1109 days ago
|
|
|
Somebody who cares about the acme.sh client specifically would be able to say, but in general it's not necessary that your ACME client has these keys. What the ACME protocol wants to do is hand over a CSR (Certificate Signing Request), and get back a certificate, and to achieve that it has to explain how you'll prove you're entitled to such a certificate. Most ACME clients will also make a suitable proof (in at least some cases), and also generate a suitable CSR from first principles, for which they will need to generate a new private key - but that's not a necessary part of the system, and it's certainly not rare to generate your own CSR, either because you must technically, or because your own security processes say strange women, lying in ponds, distributing swords is no basis for a system of government sorry, I mean, that this key is private and shouldn't be on the host running ACME services. |
|
|