Question about renewing wildcard


#1

Hello,
We just deployed a wildcard certificate generated from Docker and pushed the certificate to all our subdomains.
I’m just asking whether, when we renew a wildcard certificate, it validates our existing set of keys for some more months, or it generates a new set of keys and we need to push it to our webservers again each time we renew?


#2

Well as far as I know,
I use sslforfree, where when you want to renew them you must take another ACME challenge by using another DNS TXT verification.


#3

As for private keys, that depends on how you went about generating the certificate, but by default, Certbot does indeed use a new private key each time. However, even if you used the same private key, you would still need to distribute the new certificates to the webservers regardless, as that changes with a renewal as well.


#4

Thank you guys.
I generated it with DNS TXT verification.
Jared, you answered my questions perfectly, and it is the really sad answer that I expected: I must deploy the new keys again and again on all my webservers…


#5

If you do reuse the private key, you’ll still need to distribute the new certificate to all the web servers.
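
The distinction drawn in replies #3 and #5, as an added example that is not part of the original thread: it compares a deployed certificate with its renewal and reports whether only the certificate or also the private key must be pushed. It assumes the `openssl` CLI is installed; the function names, file names and `*.example.test` are hypothetical, and the certificates are self-signed stand-ins constructed for the demo.

```shell
#!/bin/sh
# Added example: decide what a renewal changed and what must be redistributed.
# All file names and the *.example.test name are constructed for the demo.

# SHA-256 of the certificate's public key (SubjectPublicKeyInfo, DER).
spki_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 fingerprint of the whole certificate.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Compare the deployed certificate ($1) with the renewed one ($2).
renewal_plan() {
    if [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]; then
        echo "nothing"      # same certificate, nothing to push
    elif [ "$(spki_fp "$1")" = "$(spki_fp "$2")" ]; then
        echo "cert-only"    # key reused: push only the new certificate
    else
        echo "cert+key"     # new key pair: push certificate and private key
    fi
}

# Constructed stand-in for an issued certificate: key $1, serial $2, output $3.
make_cert() {
    openssl req -x509 -new -key "$1" -set_serial "$2" -days 90 \
        -subj "/CN=*.example.test" -out "$3" 2>/dev/null
}

# Build three constructed certificates in directory $1.
make_demo() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key1.pem"
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key2.pem"
    make_cert "$1/key1.pem" 1 "$1/deployed.pem"
    make_cert "$1/key1.pem" 2 "$1/renewed_same_key.pem"
    make_cert "$1/key2.pem" 3 "$1/renewed_new_key.pem"
}

d=$(mktemp -d) && make_demo "$d"
echo "key reused: $(renewal_plan "$d/deployed.pem" "$d/renewed_same_key.pem")"
echo "new key:    $(renewal_plan "$d/deployed.pem" "$d/renewed_new_key.pem")"
rm -rf "$d"
```

In a real deployment the two arguments would be the certificate currently served by a webserver and the freshly renewed one.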

