2048 Key Length using Crypt-LE

Tool: Crypt-LE (Releases · do-know/Crypt-LE · GitHub) @leader

My web server is (include version): IIS

The operating system my web server runs on is (include version): Windows Server 2012 R2

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Crypt-LE v 0.38 (Releases · do-know/Crypt-LE · GitHub)

Does anyone know if it's possible to generate certs with 2048 key length with this tool instead of 4096, which seems to be the default?



I'm not familiar with this client. However I took a quick read through the code, and it looks like the legacy command line flag will generate 2048 bit RSA keys, as well as another change around where it saves the CA files.

Alternatively, you can generate your own key file and use the -csr-key flag:

This is assuming you're using the le.pl script; if you're using it as a library in another perl project, you will have to read the API docs to understand how to change it.


That was extremely quick and absolutely correct. Also Windows executables use the same options, so this should work if you use those rather than the script too. Let me know in PM if it does or doesn't, @bradpcmac :slight_smile:

1 Like

Thanks @mcpherrinm & @leader

I searched the help file first, I promise :slight_smile: I should have read it more carefully. I think I searched for "2048" or "4096". This is extremely helpful for our testing, and we can move forward now.


3072 bit RSA is an option, if you think 2048 isn't enough.

4096 has an heavy performance penalty. But we shouldn't be using RSA anyway.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.