Question about the domain key (RSA Private Key) when renewing

I have been using to get certs since I don’t have anything integrated on my server to do this automatically yet.

I just renewed a certificate issued a few months ago. I used the CSR and Let’s Encrypt Account Key to authenticate the new cert.

I notice this time I didn’t get a domain key (RSA Private Key) so I just used the same one from last time, and it worked.

I just wanted to clarify this point. Is one unchangeable RSA Private Key forever associated with the same CSR?



Yes, the CSR contains the public key corresponding to your private key.


This is also mentioned in ZeroSSL FAQ:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.