Is it possible?

Hello, is it possible to generate a certificate with 4096 bits and SHA-256?

Yes it is.

The size of the key associated with the certificate is a decision left to the client. The official client defaults to a 2048-bit RSA key, but you are free to specify another size with the --rsa-key-size option.

As for the hash algorithm, Let’s Encrypt already uses SHA-256; you have nothing to do.

1 Like

Note that the only RSA key sizes currently accepted by the Let’s Encrypt CA are 2048, 3072, and 4096 bits. (The client is capable of requesting a cert for a different key size, but the Let’s Encrypt CA won’t issue it.)

1 Like

Thank you for the info :)

Actually, goodKeyRSA() only checks for 2048 >= keysize >= 4096 and divisibility by 8 or not divisible by some small prime numbers:

https://github.com/letsencrypt/boulder/blob/master/core/good_key.go#L183

2 Likes
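A client-side pre-flight check along the lines discussed in this thread, as an added example that is not Boulder's code and not part of the original posts. It assumes a policy of 2048 to 4096 bits, a size that is a multiple of 8, and a modulus with no small prime factor; the name `checkRSAKey` and the prime list are illustrative, not the CA's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
	"math/big"
)

// Assumed bounds, taken from the sizes mentioned in the thread.
const minBits, maxBits = 2048, 4096

// Illustrative subset of small primes; the CA's actual list is not reproduced here.
var smallPrimes = []int64{2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47}

// checkRSAKey returns nil if the public key passes the assumed checks,
// or an error naming the first check that failed.
func checkRSAKey(pub *rsa.PublicKey) error {
	if pub == nil || pub.N == nil {
		return errors.New("missing modulus")
	}
	bits := pub.N.BitLen()
	if bits < minBits || bits > maxBits {
		return fmt.Errorf("modulus is %d bits, outside %d-%d", bits, minBits, maxBits)
	}
	if bits%8 != 0 {
		return fmt.Errorf("modulus size %d is not a multiple of 8", bits)
	}
	// A sound RSA modulus is the product of two large primes, so any
	// small factor indicates a broken or malicious key generator.
	rem := new(big.Int)
	for _, p := range smallPrimes {
		if rem.Mod(pub.N, big.NewInt(p)).Sign() == 0 {
			return fmt.Errorf("modulus is divisible by %d", p)
		}
	}
	return nil
}

func main() {
	// Constructed sample: a fresh 3072-bit key, one of the sizes mentioned above.
	key, err := rsa.GenerateKey(rand.Reader, 3072)
	if err != nil {
		panic(err)
	}
	fmt.Println("3072-bit key:", checkRSAKey(&key.PublicKey))
}
```

Running the check before building the CSR surfaces a rejected key size locally instead of at issuance time.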

@Osiris, thanks for the correction!