ACME 0.6.3 Changing domain key size on existing entry (renew)

  • Hi,
    I tryed to change key size on existing domain cert, but it did not work. Is it possible to add key size field to renew call?

    Inicial key size = 4096
    This is the first call (Issue):

    /usr/local/pkg/acme/ --home '/tmp/acme/' --accountconf '/tmp/acme/' --createDomainKey -d '*' --keylength '4096' --log-level 3 --log '/tmp/acme/'

    I was edited entry and set the key size to 2048.
    This is the second call (Renew):

    /usr/local/pkg/acme/ --issue -d '*' --dns 'dns_nsupdate' --home '/tmp/acme/' --accountconf '/tmp/acme/' --force --reloadCmd '/tmp/acme/' --log-level 3 --log '/tmp/acme/'

    And the new key size is 4096 bytes.

    When I call it manually all works fine:

    /usr/local/pkg/acme/ --issue -d '*' --keylength '2048' --dns 'dns_nsupdate' --home '/tmp/acme/' --accountconf '/tmp/acme/' --force --reloadCmd '/tmp/acme/' --log-level 3 --log '/tmp/acme/'

    And after than standart renew without the key size work fine with the last key size (2048).

    So if add --keylength 'xxxx' parameter to renew call permanetly all will work fine. Is it possible in future relases? Or some patch maybe?

    Thanks in advance!

Log in to reply