How to create an account key using -n?

[star26bsd]

Hi! I am using 0.17 on OpenBSD 5.9-Stable. I have read that I need to create an account key first using -n. However, all attempts on using -n properly failed:

# letskencrypt -n                                                                                                               
usage: letskencrypt [-Fnrsv] [-C challengedir] [-c certdir] [-f accountkey] [-k domainkey] [-u user] domain [altnames...]
# letskencrypt -n my-domain.com
letskencrypt: /etc/ssl/letsencrypt/private/privkey.pem: -k file must exist

I have read the man page a dozen times and can't figure it out. thanks for your help.

[kristapsdz]

The -n flag will create the account key, not the domain key. You need to create the domain key yourself, as now documented in the EXAMPLES section of letskencrypt.1. Does this clear that up? (And as noted in the other issue, do other clients create the domain key for you as well?)

[star26bsd]

Great, thank you. I had assumed the key creation is done by letskencrypt. However, it does make sense to create the private key manually, of course. The new EXAMPLES section shows this nicely. Thanks!

[kristapsdz]

I've also added the -N flag to the latest version, which will create this for you.