Certbot reusing private key


#1

Please fill out the fields below so we can help you better.

My domain is: N/A

My operating system is (include version): Ubuntu 14.04 LTS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Does Certbot have functionality to use private keys (for HPKP) or not currently? I know it supports the --csr option, but that doesn’t allow the automated renewal functionality (which I require for my use cases).

Thanks


#2

No, the recommended way to use HPKP is to pin the root + backups.


#3

True, but for my use case I already generated 10 keypairs which I pin with, and I have two encrypted USB drives in two separate offline storage facilities containing backups of them.

In this way I am not stuck if a CA changes their intermediate or root without notice/goes under (it’s happened before, cough, DigiNotar and Comodo UserTrust).

Ah well, I’ll write my own Bash wrapper to handle post-renewal actions with my own CSR. It would be great if the Let’s Encrypt team integrated it with the renewal functionality.
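
A renewal wrapper like the one post #3 describes has to confirm that the key in the CSR, and later in the issued certificate, is one of the pinned keys before anything is deployed. The following is an added example, not part of the original thread or of Certbot: the function names, file names and `example.test` are assumptions, and the certificates are self-signed stand-ins for what the CA would return.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the openssl CLI is installed.

# spki_pin KIND FILE: print the HPKP pin-sha256 value, i.e.
# base64(SHA-256(DER SubjectPublicKeyInfo)), for a key, CSR or certificate.
spki_pin() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)    echo "spki_pin: unknown kind '$1'" >&2; return 2 ;;
    esac || return 1   # unreadable input must not yield the hash of nothing
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | openssl base64
}

# is_pinned KIND FILE PINFILE: succeed only if FILE's pin is a line of PINFILE.
is_pinned() {
    pin=$(spki_pin "$1" "$2") && [ -n "$pin" ] && grep -qxF -- "$pin" "$3"
}

# make_fixture DIR: constructed sample data. pinned.key stands for one of the
# pre-generated HPKP keys, other.key for a key that was never pinned.
make_fixture() {
    for n in pinned other; do
        openssl ecparam -genkey -name prime256v1 -noout -out "$1/$n.key" &&
        openssl req -new -key "$1/$n.key" -subj "/CN=example.test" \
            -out "$1/$n.csr" &&
        openssl req -new -x509 -key "$1/$n.key" -subj "/CN=example.test" \
            -days 1 -out "$1/$n.crt" || return 1
    done
    spki_pin key "$1/pinned.key" > "$1/pins.txt"
}

# Gate a renewal: check the CSR before submitting it with --csr, and run the
# same check with kind "cert" on the issued certificate before deploying it.
demo() {
    dir=$(mktemp -d) && make_fixture "$dir" || return 1
    for f in pinned.csr other.csr; do
        if is_pinned csr "$dir/$f" "$dir/pins.txt"; then
            echo "$f: key is pinned, submit"
        else
            echo "$f: key not in pin list, refuse"
        fi
    done
    rm -rf "$dir"
}
demo
```

In a real wrapper, `pins.txt` would hold the pin of every pre-generated key, and a failed `is_pinned cert` check would leave the currently deployed certificate in place.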


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.