0

I want to renew the letsencrypt certificate on my webserver but want to keep the private key same.

I've installed the certificate using certbot 0.35.1

How can I update the certificate (preferably using certbot) without changing the private key?

If possible can I automate this process, for auto renewal?

Cool Breeze
  • 121
  • 1
  • 3
  • Why do you want to keep the key? It is more secure to rotate the key. Is the key pinned? – Z.T. Jul 11 '19 at 14:29

1 Answers1

3

Create a certificate signing request (CSR) and let certbot renew that, using a command like this:

certbot certonly --csr csr.pem

The CSR contains your public key, so you keep the same key pair with this method.

Sjoerd
  • 28,707
  • 12
  • 74
  • 102