ACME 0.6.3 Changing domain key size on existing entry (renew)
-
Hi,
I tryed to change key size on existing domain cert, but it did not work. Is it possible to add key size field to acme.sh renew call?Inicial key size = 4096
This is the first call (Issue):/usr/local/pkg/acme/acme.sh --home '/tmp/acme/sub.domain.org/' --accountconf '/tmp/acme/sub.domain.org/accountconf.conf' --createDomainKey -d '*.sub.domain.org' --keylength '4096' --log-level 3 --log '/tmp/acme/sub.domain.org/acme_createdomainkey.log'
I was edited entry and set the key size to 2048.
This is the second call (Renew):/usr/local/pkg/acme/acme.sh --issue -d '*.sub.domain.org' --dns 'dns_nsupdate' --home '/tmp/acme/sub.domain.org/' --accountconf '/tmp/acme/sub.domain.org/accountconf.conf' --force --reloadCmd '/tmp/acme/sub.domain.org/reloadcmd.sh' --log-level 3 --log '/tmp/acme/sub.domain.org/acme_issuecert.log'
And the new key size is 4096 bytes.
When I call it manually all works fine:
/usr/local/pkg/acme/acme.sh --issue -d '*.sub.domain.org' --keylength '2048' --dns 'dns_nsupdate' --home '/tmp/acme/sub.domain.org/' --accountconf '/tmp/acme/sub.domain.org/accountconf.conf' --force --reloadCmd '/tmp/acme/sub.domain.org/reloadcmd.sh' --log-level 3 --log '/tmp/acme/sub.domain.org/acme_issuecert.log'
And after than standart renew without the key size work fine with the last key size (2048).
So if add --keylength 'xxxx' parameter to renew call permanetly all will work fine. Is it possible in future relases? Or some patch maybe?
Thanks in advance!