Generate New Public Key


#1

How do I regenerate my certificate and force the public key to change too? It seems the public key stays the same every time my certificate is renewed.


#2

What ACME client are you using? How did you generate the keypair and certificate?

I believe most ACME clients generate new keypairs when issuing new certificates by default.


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#3

I used certbot. I followed https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04 exactly.

Everything works fine, but every time I renew the certificate, the public key seems to stay the same. I need to change it.

(I’d rather not disclose my domain - I hope that’s ok :slight_smile:)


#4

Certbot always creates new keypairs by default, including when you follow that tutorial.


#5

Hi @cellydy

There is an explicit parameter

--reuse-key

So check your configuration files under

/etc/letsencrypt/renewal

and your cronjob, if this parameter is defined.
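
The check suggested in the reply above, as an added example that is not part of any post in this thread: it lists the lineages whose renewal config enables key reuse, lists cron files that pass --reuse-key, and compares the public keys of two certificates. It assumes certbot stores the option as `reuse_key = True` in the renewal config; the function names and the sample lineage names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: certbot records --reuse-key
# as "reuse_key = True" in the lineage's file under /etc/letsencrypt/renewal.

# Print each lineage in renewal directory $1 whose config enables reuse_key.
reuse_key_lineages() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        # Commented-out lines do not match because of the ^ anchor.
        if grep -Eiq '^[[:space:]]*reuse_key[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$conf"; then
            basename "$conf" .conf
        fi
    done
}

# Print each of the given cron files that passes --reuse-key to certbot.
cron_reuse_key_files() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        if grep -q -e '--reuse-key' "$f"; then echo "$f"; fi
    done
}

# SHA-256 of the DER-encoded public key inside certificate file $1.
pubkey_fingerprint() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds (exit 0) when certificates $1 and $2 carry different public keys.
key_rotated() {
    [ "$(pubkey_fingerprint "$1")" != "$(pubkey_fingerprint "$2")" ]
}

# Constructed sample configs (hypothetical lineage names) for an offline run.
write_sample_configs() {
    printf '[renewalparams]\nauthenticator = apache\nreuse_key = True\n' > "$1/shop.example.com.conf"
    printf '[renewalparams]\nauthenticator = apache\n# reuse_key = True\n' > "$1/blog.example.com.conf"
}

# Usage: sh check_reuse_key.sh /etc/letsencrypt/renewal
if [ "$#" -gt 0 ]; then
    reuse_key_lineages "$1"
fi
```

`key_rotated` takes two certificate files, for example the previous and the current certificate of the same lineage; if it fails, the renewal kept the old key pair.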

