install --key-path (fixes #550)

2026-06-04 06:15:36 -04:00 · 2015-06-26 12:16:25 +00:00 · 2015-06-26 12:16:25 +00:00 · abbd2483a5
commit abbd2483a5
parent b1b3befd04
3 changed files with 9 additions and 5 deletions
--- a/examples/generate-csr.sh
+++ b/examples/generate-csr.sh
@ -20,7 +20,7 @@ done
 SAN="$domains" openssl req -config "${OPENSSL_CNF:-openssl.cnf}" \
  -new -nodes -subj '/' -reqexts san \
  -out "${CSR_PATH:-csr.der}" \
-  -keyout key.pem \
+  -keyout "${KEY_PATH:-key.pem}" \
  -newkey rsa:2048 \
  -outform DER
 # 512 or 1024 too low for Boulder, 2048 is smallest for tests
--- a/letsencrypt/cli.py
+++ b/letsencrypt/cli.py
@ -207,7 +207,7 @@ def install(args, config, plugins):
    domains = _find_domains(args, installer)
    acme = _init_acme(config, acc, authenticator=None, installer=installer)
    assert args.cert_path is not None  # required=True in the subparser
-    acme.deploy_certificate(domains, acc.key.file, args.cert_path, args.chain_path)
+    acme.deploy_certificate(domains, args.key_path, args.cert_path, args.chain_path)
    acme.enhance_config(domains, args.redirect)


@ -532,9 +532,10 @@ def _create_subparsers(helpful):
    parser_install.add_argument(
        "--cert-path", required=True, help="Path to a certificate that "
        "is going to be installed.")
+    parser_install.add_argument(
+        "--key-path", required=True, help="Accompynying private key")
    parser_install.add_argument(
        "--chain-path", help="Accompanying path to a certificate chain.")
-
    parser_revoke.add_argument(
        "--cert-path", type=read_file, help="Revoke a specific certificate.")
    parser_revoke.add_argument(
--- a/tests/boulder-integration.sh
+++ b/tests/boulder-integration.sh
@ -26,7 +26,8 @@ common() {
 common --domains le1.wtf auth
 common --domains le2.wtf run

-export CSR_PATH="${root}/csr.der" OPENSSL_CNF=examples/openssl.cnf
+export CSR_PATH="${root}/csr.der" KEY_PATH="${root}/key.pem" \
+       OPENSSL_CNF=examples/openssl.cnf
 ./examples/generate-csr.sh le3.wtf
 common auth --csr "$CSR_PATH" \
       --cert-path "${root}/csr/cert.pem" \
@ -34,7 +35,9 @@ common auth --csr "$CSR_PATH" \
 openssl x509 -in "${root}/csr/0000_cert.pem" -text
 openssl x509 -in "${root}/csr/0000_chain.pem" -text

-common --domain le3.wtf install --cert-path "${root}/csr/cert.pem"
+common --domain le3.wtf install \
+       --cert-path "${root}/csr/cert.pem" \
+       --key-path "${root}/csr/key.pem"

 # the following assumes that Boulder issues certificates for less than
 # 10 years, otherwise renewal will not take place