Now I'm getting some really crazy suggestions in my mind:
-
Should my ACME client generate a new certificate private key for each renewal of a certificate, or should I keep using the same certificate key?
-
How often should I rotate my ACME account key?
I'm proposing these a bit tongue-in-cheek (if that's the right term), as they're probably not frequently asked and it may be that Let's Encrypt as an organization doesn't want to take a specific position on key rotation. It may actually be better to have questions asking more along the lines of "What are the pros and cons of key rotation" or something like that. Really I'm just adding them to the list since I want to satiate my own curiosity as when I tried asking about account key rotation in the past nobody really seemed to have a definitive answer, and it may be good to have documented somehow somewhere any "best practice" that should be encouraged.
(Probably I'm just bringing this thread off-topic, and further discussion about key rotation best practices should be spun off to a new thread.)