In another forum (haproxy) I posted an excerpt of a fullchain.pem file containing pieces of the actual certs, but I obfuscated the posted text by deleting a couple of lines and x'ing out parts of a line in an ec256 private key.
Now someone there told me that I exposed my private key to the public and I'd better revoke it.
What I did was to overwrite 32 characters of the middle of the three lines of the ec256 private key.
Would that be too dangerous?
By default acme.sh reuses keypairs on renewal, unless --always-force-new-domain-key is given.
If you blanked the exact middle 32 base64 characters of those three lines each**, you leaked approximately 69-77% of your private key*, which still leaves ~60-80 bits of unknown data approximately. Even if we only consider a (fairly naive) baby-step giant-step brute force (or alternatively, Pollard's kangaroo), this leaves at most 2^40 computation steps (and this is without even thinking about much faster attacks), so yes, I would consider that key to be 100% broken and disclosed.
*You can calculate this exactly, I only made a rough estimate by looking at entire base64 characters only.
**If you only blanked the middle line, you leaked 100% of the private key. For p256 keys, the first base64 line contains the entire key (+ more).
Never mind, I swapped the numbers in my head. You blanked ~69-77% of the key, not the other way around. The above computation is wrong in that case. Anyway, I would still revoke and replace that key.
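To check an exposure estimate like the one above, this added example (not code from any poster in this thread) maps overwritten base64 positions to bits of the P-256 private scalar. It assumes a SEC1 "EC PRIVATE KEY" block as OpenSSL writes it (121 DER bytes, scalar at bytes 7 to 38, 64-character lines); the function names and the all-zero placeholder key are constructed for illustration.

```python
import base64

# Assumed layout: SEC1 ECPrivateKey for P-256 with curve OID and public key.
HEADER = bytes.fromhex("30770201010420")  # SEQUENCE, version 1, OCTET STRING(32)
TRAILER_PREFIX = bytes.fromhex("a00a06082a8648ce3d030107a14403420004")
SCALAR_OFF, SCALAR_LEN, LINE_WIDTH = len(HEADER), 32, 64


def pem_body_lines(d: bytes, pub_xy: bytes) -> list[str]:
    """Base64 body lines (64 chars wide) for the assumed DER layout."""
    der = HEADER + d + TRAILER_PREFIX + pub_xy
    b64 = base64.b64encode(der).decode()
    return [b64[i:i + LINE_WIDTH] for i in range(0, len(b64), LINE_WIDTH)]


def hidden_scalar_bits(spans) -> int:
    """spans: (line_index, first_col, n_chars) regions that were overwritten.
    Returns how many of the 256 scalar bits fall inside those regions."""
    lo, hi = SCALAR_OFF * 8, (SCALAR_OFF + SCALAR_LEN) * 8  # DER bit range of d
    hidden = set()
    for line, col, n in spans:
        first = line * LINE_WIDTH + col
        for ch in range(first, first + n):
            # base64 character number ch carries DER bits 6*ch .. 6*ch+5
            hidden.update(b for b in range(6 * ch, 6 * ch + 6) if lo <= b < hi)
    return len(hidden)


# Constructed placeholder key material (all zero bytes), used only for layout.
LINES = pem_body_lines(bytes(32), bytes(64))
# Reading 1: the middle 32 characters of each of the three lines.
EACH_LINE = [(i, (len(l) - 32) // 2, 32) for i, l in enumerate(LINES)]
# Reading 2: only the middle line overwritten.
MIDDLE_ONLY = [(1, 0, LINE_WIDTH)]

if __name__ == "__main__":
    for name, spans in (("each line", EACH_LINE), ("middle line only", MIDDLE_ONLY)):
        h = hidden_scalar_bits(spans)
        print(f"{name}: {h} of 256 scalar bits hidden, {256 - h} published")
```

The result depends entirely on where the scalar sits in the encoding, so a PKCS#8 "PRIVATE KEY" block, which has a longer header, needs a different offset.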
Unfortunately acme.sh does not appear to have code to disable the reuse of a private key, even if it was revoked. I believe you can remove the private key + CSR from acme.sh's config directory to force the use of a new key on the next renewal.
Luckily Let's Encrypt would refuse to issue a certificate with a key pair if a previous cert with that key pair was revoked with "keyCompromise" as revocation reason. See Revoking Certificates - Let's Encrypt
Yes, I think so. I don't think CAs are required to consult each other's known-compromised key lists; it's just that if a CA learns about a compromised key they need to revoke it and block it from future use.
There are sites like pwnedkeys which try to track known-compromised keys, but I don't think Let's Encrypt (or other CAs) regularly consult those kinds of services. (Those services sometimes will use ACME to revoke certificates if they find one in the wild, though.)