Just out of curiosity - why is the RSA keysize limited to only 4096 bits? Is this a legal requirement? I tried to go a 8191 and was rejected. Why the limitation? Just out of curiosity.
It’s not a limitation of Certbot but of the Let’s Encrypt CA itself. It won’t sign any certificate with a RSA key length greater than 4096 bits.
I think the general consensus is that there’s no substantial security benefit over 4096 bits, and it makes the TLS handshake much slower.
There’s a number of CAs that do allow RSA keys that large, there’s no specific rule against it: https://censys.io/certificates?q=parsed.subject_key_info.rsa_public_key.length%3A+8192+and+tags%3Atrusted
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.