Renewal + changing from 2048 to 4096 keysize

I read through serveral posts but for me it is/was not clear where to put the forcing of the to be changed key size.

Is it /etc/letsencrypt/cli.ini with rsa-key-size = 4096
/etc/letsencrypt/renewal/ with rsa_key_size = 4096

Thanks in advance,

1 Like

This is probably the easiest change to make, assuming you want it to affect all current and future certificates.

It will override whatever is set in the /etc/letsencrypt/renewal/*.conf files, so you don't need to worry about those.


thanks for ur quick answer, so if set in both it would also do no harm? or would it be overkill?

1 Like

so cli.ini is kind of global setting whereas is specific for this domain?

That's right.

One annoying thing to take care of is that the settings in cli.ini and are not interchangeable. There is some overlap, but the setting names and meanings are not same. You'll notice the difference between the two option names with - and _, for example.

Nothing bad will happen. If you set it in both, cli.ini will just overwrite the .conf file at the next renewal.


ahhh, ok, thanks for pointing that out, didnt realize the different parameter typing :slight_smile:
many thanks!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.