I requested a certificate with the --key-path
parameter pointing to a key in /etc/ssl/private
, thinking that I could use a long-lived key and public key pinning that way.
The certificate was issued, but for a newly generated key in /etc/letsencrypt/live
. Oddly enough, the key I specified is referenced in a config file in /etc/letsencrypt/renewal
.
Can I change the config in /etc/letsencrypt/renewal
to reference the generated key and delete the one I initially intended to use, or would that be shooting myself in the foot?
Also, did I misunderstand what the --key-path
parameter is used for?