[CentOS] Certificates

Sat Sep 1 23:44:25 UTC 2018
Matthias Bethke <matthias at towiski.de>

On September 2, 2018 1:12:58 AM GMT+07:00, Rainer Duffner <rainer at ultra-secure.de> :
>I’m pretty sure LE creates a new private key, too.
>From a cursory glance at lego’s certificate directory on a server with
>a couple of dozens of LE certificates at least.
>After all, changing the private key is what this is all about (showing
>that you’re still in charge).

It doesn't hurt when the process is automated anyway but it's by no means necessary. The limited validity period limits how long an attacker can abuse the cert they should get hold of it. However if you have no reason to suspect a compromise, it's by no means necessary. It doesn't improve security (if you've been hacked in a way you don't notice, it's highly likely the new key would leave your system the same way the previous one did) and it's just one more thing that can go wrong of you so it manually.