Changing SSL default keysize from 2048 to 4096 afterwards, do you have to renew all certs as LetsEncrypt then?

3 posts / 0 new
Topic locked
Last post
#1 Wed, 10/24/2018 - 06:16
Jfro

Changing SSL default keysize from 2048 to 4096 afterwards, do you have to renew all certs as LetsEncrypt then?

Changing SSL default keysize from 2048 to 4096 afterwards, do you have to renewe all certs as LetsEncrypt then? CENTOS 7.5.x VM 6.3

So if you change under Virtualmin Configuration > SSL Settings: Is it already possible to change to 4096 bits without errors?

And do you have to manually renew all older created with 2048 BITS CERTS afterwards as Letsencrypt, DKIM keys and so on?

IF so is there a Automation possible to set ( script from Virtualmin), that is also taking care of the Letsencrypt maximum you are allowed...

Wed, 10/24/2018 - 19:53
andreychek

Howdy,

Changing the default keysize in Webmin does not affect any existing SSL certificates. You'd need to re-generate those SSL certificates.

I haven't tried using 4096 bit keys for Let's Encrypt previously, but I suspect it'd work. A quick Google search suggests that Let's Encrypt does support it, so that should work just fine.

That said, certainly try a test on one after making that change to see if it works as expected.

-Eric

Thu, 10/25/2018 - 01:46
Jfro

The try, ok i understand. That LE is / should working ( other CP) with 4096 i know) ;) I remember only that i tried before with setting up last year the box the 4096 i get errors, but probably i did thing the wrong way, and started a fresh install then.

Left the 2048 on the VM Box

Later in Summer maybe i give it a try, is a produktion box for at least 1 Website for winter. ( i don't want to break... if doing parts not right)

Topic locked