From 3a4b69096f68cf73ed8fc45cbd4b8be429871170 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Thu, 18 Jan 2018 22:08:34 +0100 Subject: [PATCH] Clarifying documentation about account key being different from certificate's private key. (#35059) --- lib/ansible/modules/web_infrastructure/letsencrypt.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ansible/modules/web_infrastructure/letsencrypt.py b/lib/ansible/modules/web_infrastructure/letsencrypt.py index bff44f65b8b..a72c01cddc4 100644 --- a/lib/ansible/modules/web_infrastructure/letsencrypt.py +++ b/lib/ansible/modules/web_infrastructure/letsencrypt.py @@ -88,6 +88,9 @@ options: - "The CSR may contain multiple Subject Alternate Names, but each one will lead to an individual challenge that must be fulfilled for the CSR to be signed." + - "Note: the private key used to create the CSR I(must not) be the the + account key. This is a bad idea from a security point of view, and + Let's Encrypt will not accept the CSR." required: true aliases: ['src'] data:
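Review bot: The added note contains a doubled article, `be the the account key`, and because this string is rendered into the module documentation it should read `I(must not) be the account key`. The following sentence, `This is a bad idea from a security point of view`, has no clear referent. Naming the action would read better, e.g. `Reusing the account key as the certificate key is a bad idea from a security point of view, and Let's Encrypt will not accept the CSR.` The note is attached only to the option aliased `src`, whose definition starts outside the hunk. The account key option's own description is not visible here and may deserve the matching warning, so a reader arriving from either option sees the key-separation requirement.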