I requested a certificate with the
--key-path parameter pointing to a key in
/etc/ssl/private, thinking that I could use a long-lived key and public key pinning that way.
The certificate was issued, but for a newly generated key in
/etc/letsencrypt/live. Oddly enough, the key I specified is referenced in a config file in
Can I change the config in
/etc/letsencrypt/renewal to reference the generated key and delete the one I initially intended to use, or would that be shooting myself in the foot?
Also, did I misunderstand what the
--key-path parameter is used for?