ACME 0.6.3 Changing domain key size on existing entry (renew)
Hi,
I tried to change the key size on an existing domain cert, but it did not work. Is it possible to add a key size field to the acme.sh renew call?
Initial key size = 4096
This is the first call (Issue):
/usr/local/pkg/acme/acme.sh --home '/tmp/acme/sub.domain.org/' --accountconf '/tmp/acme/sub.domain.org/accountconf.conf' --createDomainKey -d '*.sub.domain.org' --keylength '4096' --log-level 3 --log '/tmp/acme/sub.domain.org/acme_createdomainkey.log'
I edited the entry and set the key size to 2048.
This is the second call (Renew):
/usr/local/pkg/acme/acme.sh --issue -d '*.sub.domain.org' --dns 'dns_nsupdate' --home '/tmp/acme/sub.domain.org/' --accountconf '/tmp/acme/sub.domain.org/accountconf.conf' --force --reloadCmd '/tmp/acme/sub.domain.org/reloadcmd.sh' --log-level 3 --log '/tmp/acme/sub.domain.org/acme_issuecert.log'
And the new key size is 4096 bytes.
When I call it manually, all works fine:
/usr/local/pkg/acme/acme.sh --issue -d '*.sub.domain.org' --keylength '2048' --dns 'dns_nsupdate' --home '/tmp/acme/sub.domain.org/' --accountconf '/tmp/acme/sub.domain.org/accountconf.conf' --force --reloadCmd '/tmp/acme/sub.domain.org/reloadcmd.sh' --log-level 3 --log '/tmp/acme/sub.domain.org/acme_issuecert.log'
And after that, a standard renew without the key size works fine with the last key size (2048).
So if the --keylength 'xxxx' parameter is added to the renew call permanently, all will work fine. Is it possible in future releases? Or some patch maybe?
Thanks in advance!