Is it possible?


Hello is it possible to generate certificate wtih 4096 bit and sha256?


Yes it is.

The size of the key associated with the certificate is a decision left to the client. The official client defaults to a 2048-bits RSA key, but you are free to specify another size with the --rsa-key-size option.

As for the hash algorithm, Let’s Encrypt already uses SHA-256, you have nothing to do.


Note that the only RSA key sizes currently accepted by the Let’s Encrypt CA are 2048, 3072, and 4096 bits. (The client is capable of requesting a cert for a different key size, but the Let’s Encrypt CA won’t issue it.)


Thank you for info :slight_smile:


Actually, goodKeyRSA() only checks for 2048 >= keysize >= 4096 and divisibility by 8 or not divisible by some small prime numbers:


@Osiris, thanks for the correction!