Netgate Discussion Forum

    ACME 0.6.3 Changing domain key size on existing entry (renew)

      dld_r00f

      Hi,
      I tried to change the key size on an existing domain cert, but it did not work. Is it possible to add the key size field to the acme.sh renew call?

      Initial key size = 4096
      This is the first call (Issue):

      /usr/local/pkg/acme/acme.sh --home '/tmp/acme/sub.domain.org/' --accountconf '/tmp/acme/sub.domain.org/accountconf.conf' --createDomainKey -d '*.sub.domain.org' --keylength '4096' --log-level 3 --log '/tmp/acme/sub.domain.org/acme_createdomainkey.log'
      

      I edited the entry and set the key size to 2048.
      This is the second call (Renew):

      /usr/local/pkg/acme/acme.sh --issue -d '*.sub.domain.org' --dns 'dns_nsupdate' --home '/tmp/acme/sub.domain.org/' --accountconf '/tmp/acme/sub.domain.org/accountconf.conf' --force --reloadCmd '/tmp/acme/sub.domain.org/reloadcmd.sh' --log-level 3 --log '/tmp/acme/sub.domain.org/acme_issuecert.log'
      

      And the new key size is 4096 bytes.

      When I call it manually all works fine:

      /usr/local/pkg/acme/acme.sh --issue -d '*.sub.domain.org' --keylength '2048' --dns 'dns_nsupdate' --home '/tmp/acme/sub.domain.org/' --accountconf '/tmp/acme/sub.domain.org/accountconf.conf' --force --reloadCmd '/tmp/acme/sub.domain.org/reloadcmd.sh' --log-level 3 --log '/tmp/acme/sub.domain.org/acme_issuecert.log'
      

      And after that, a standard renew without the key size works fine with the last key size (2048).

      So if the --keylength 'xxxx' parameter is added to the renew call permanently, all will work fine. Is it possible in future releases? Or some patch maybe?

      Thanks in advance!

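A check that would catch the behaviour described in the post above, as an added example that is not part of the original post or of the ACME package: it reads the key size out of the issued certificate, compares it with the size configured for the entry, and confirms the certificate belongs to the key file. The function names, file names and the throwaway sample certificate are assumptions made for illustration; only standard openssl subcommands are used.

```shell
#!/bin/sh
# Added example: confirm that a renewed certificate really carries a key of
# the size configured for the entry. Paths and function names are assumptions.

# Print the public key size (bits) recorded in a PEM certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_renewed_key CERT KEY EXPECTED_BITS
# 0 = size as configured and certificate matches the key file
# 1 = key size differs from the configured value (the symptom in the post)
# 2 = certificate was not issued for this key file
# 3 = certificate could not be parsed
check_renewed_key() {
    cert=$1 key=$2 want=$3
    bits=$(cert_key_bits "$cert")
    [ -n "$bits" ] || { echo "cannot read key size from $cert" >&2; return 3; }
    if [ "$bits" != "$want" ]; then
        echo "MISMATCH: certificate key is $bits bit, entry is set to $want" >&2
        return 1
    fi
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $cert was not issued for $key" >&2
        return 2
    fi
    echo "OK: $bits bit key, certificate matches key file"
}

# Constructed sample input: a throwaway self-signed certificate, so the
# check can be tried offline without touching a real ACME entry.
make_sample() {  # make_sample DIR BITS
    openssl req -x509 -newkey "rsa:$2" -nodes -days 1 -subj "/CN=sample.invalid" \
        -keyout "$1/sample.key" -out "$1/sample.cer" >/dev/null 2>&1
}

# Stand-alone use: sh check_key.sh CERT KEY EXPECTED_BITS
if [ "$#" -eq 3 ]; then
    check_renewed_key "$1" "$2" "$3"
fi
```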
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.