Meaning of the --key-path parameter

alexander · November 7, 2015, 4:52pm

I requested a certificate with the --key-path parameter pointing to a key in /etc/ssl/private, thinking that I could use a long-lived key and public key pinning that way.

The certificate was issued, but for a newly generated key in /etc/letsencrypt/live. Oddly enough, the key I specified is referenced in a config file in /etc/letsencrypt/renewal.

Can I change the config in /etc/letsencrypt/renewal to reference the generated key and delete the one I initially intended to use, or would that be shooting myself in the foot?

Also, did I misunderstand what the --key-path parameter is used for?

zanchey · November 17, 2015, 9:08am

Unfortunately, it looks like at this stage that “currently, --key-path can not be used to specify a private key for cert creation.”

There are some plans to implement it: see Allow cert creation with specified key #1491.

I’m not sure that you can change the configuration in the renewal file. Perhaps try it and see!

Topic		Replies	Views
Cli.ini and key-path or csr parameter Server	2	1687	June 4, 2016
Renewer fullchain_path Help	1	1280	November 9, 2016
Regarding the folder name after renewal Help	12	661	December 27, 2023
Force certbot-auto to generate certificate at a custom path instead of /etc/letsencrypt/live Help	4	6064	April 22, 2017
How to use existing private key with certbot? Help	9	7755	July 15, 2016

Meaning of the --key-path parameter

Related topics