Renewal + changing from 2048 to 4096 keysize

Hi,
I read through several posts, but for me it is/was not clear where to put the forcing of the to-be-changed key size.

Is it /etc/letsencrypt/cli.ini with rsa-key-size = 4096
AND/OR
/etc/letsencrypt/renewal/example.com with rsa_key_size = 4096

Thanks in advance,
br,
Mike

1 Like

This is probably the easiest change to make, assuming you want it to affect all current and future certificates.

It will override whatever is set in the /etc/letsencrypt/renewal/*.conf files, so you don't need to worry about those.

2 Likes

Thanks for your quick answer. So if set in both, it would also do no harm? Or would it be overkill?

1 Like

so cli.ini is kind of global setting whereas example.com is specific for this domain?

That's right.

One annoying thing to take care of is that the settings in cli.ini and example.com.conf are not interchangeable. There is some overlap, but the setting names and meanings are not the same. You'll notice the difference between the two option names with - and _, for example.

Nothing bad will happen. If you set it in both, cli.ini will just overwrite the .conf file at the next renewal.

3 Likes
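An added example, not part of the thread and not certbot's own code: a small audit that reads both files and reports which RSA key size takes effect, using the precedence and the `-` versus `_` spelling difference described in the answers above. The file contents are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample files for illustration (not from the thread).
CLI_INI = """\
# /etc/letsencrypt/cli.ini
rsa-key-size = 4096
"""
RENEWAL_CONF = """\
# /etc/letsencrypt/renewal/example.com.conf
version = 1.0.0
cert = /etc/letsencrypt/live/example.com/cert.pem
[renewalparams]
authenticator = webroot
rsa_key_size = 2048
"""

KEY_VALUE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*=\s*(.*?)\s*$")

def parse_options(text):
    """Collect 'key = value' lines; comments and [section] headers are skipped."""
    opts = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";", "[")):
            continue
        m = KEY_VALUE.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def audit_rsa_key_size(cli_ini, renewal_conf):
    """Return (bits, source, warnings), applying the precedence stated in the
    thread: a value in cli.ini overrides the per-certificate renewal file."""
    cli, ren = parse_options(cli_ini), parse_options(renewal_conf)
    warnings = []
    # The two files spell the option differently; flag the other file's spelling.
    if "rsa_key_size" in cli:
        warnings.append("cli.ini uses rsa_key_size; expected rsa-key-size")
    if "rsa-key-size" in ren:
        warnings.append("renewal conf uses rsa-key-size; expected rsa_key_size")
    if "rsa-key-size" in cli:
        return int(cli["rsa-key-size"]), "cli.ini", warnings
    if "rsa_key_size" in ren:
        return int(ren["rsa_key_size"]), "renewal conf", warnings
    return None, "not set in either file", warnings

if __name__ == "__main__":
    print(audit_rsa_key_size(CLI_INI, RENEWAL_CONF))
```

To run it against a real host, pass the text of `/etc/letsencrypt/cli.ini` and of one file under `/etc/letsencrypt/renewal/` instead of the samples.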

Ahhh, ok, thanks for pointing that out, didn't realize the different parameter typing :)
many thanks!

2 Likes
