SSL Certificate Renewal - does the certificate stay the same?

I am new to Let’s Encrypt and I know the SSLs expire in 90 days and need to be renewed before that. My question: when the SSL is renewed, do the CSR & public/private keys stay the same? Thanks in advance.

If you use certbot for the whole process, the private key is changed on every renewal. This helps with security in the event of a private key leak. Certbot does keep the same filenames and locations to make it easier on configurations.

If you use certbot in csr mode (use a pre-made csr), then you can keep the private key the same. Likewise, other tools that use the ACME protocol that Let’s Encrypt uses for issuance may keep the same private key.

I’m using the AutoSSL feature in cPanel’s WHM for my server:

https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/ https://blog.cpanel.com/announcing-cpanel-whms-official-lets-encrypt-with-autossl-plugin/

You’ll probably need to ask cPanel support how they are handling key rotation then.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.