[CentOS] Certificates

Matthias Bethke matthias at towiski.de
Sat Sep 1 23:44:25 UTC 2018


On September 2, 2018 1:12:58 AM GMT+07:00, Rainer Duffner <rainer at ultra-secure.de> wrote:
>I’m pretty sure LE creates a new private key, too.
>From a cursory glance at lego’s certificate directory on a server with
>a couple of dozens of LE certificates at least.
> 
>After all, changing the private key is what this is all about (showing
>that you’re still in charge).

It doesn't hurt when the process is automated anyway, but it's by no means necessary. The limited validity period limits how long an attacker can abuse the cert should they get hold of it. However, if you have no reason to suspect a compromise, it's by no means necessary. It doesn't improve security (if you've been hacked in a way you don't notice, it's highly likely the new key would leave your system the same way the previous one did) and it's just one more thing that can go wrong if you do it manually.

Cheers,
Matthias


