From 73679a4e8556c49093ff69291a758a23672d33ec Mon Sep 17 00:00:00 2001
From: James Kasten <jdkasten@umich.edu>
Date: Tue, 5 May 2015 14:15:48 -0700
Subject: [PATCH] generate a separate key for the certificate

---
 letsencrypt/client/client.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/letsencrypt/client/client.py b/letsencrypt/client/client.py
index a4e98fa41..0422563c3 100644
--- a/letsencrypt/client/client.py
+++ b/letsencrypt/client/client.py
@@ -99,9 +99,7 @@ class Client(object):
 
         :meth:`.register` must be called before :meth:`.obtain_certificate`
 
-        .. todo:: This function currently uses the account key for the cert.
-            This should be changed to an independent key once renewal is sorted
-            out.
+        .. todo:: This function does not currently handle csr correctly...
 
         :param set domains: domains to get a certificate
 
@@ -127,8 +125,10 @@ class Client(object):
 
         # Create CSR from names
         if csr is None:
+            cert_key = crypto_util.init_save_key(
+                self.config.rsa_key_size, self.config.key_dir)
             csr = crypto_util.init_save_csr(
-                self.account.key, domains, self.config.cert_dir)
+                cert_key, domains, self.config.cert_dir)
 
         # Retrieve certificate
         certr = self.network.request_issuance(