author | Brad Warren <bmw@eff.org> | 2020-08-27 21:01:21 +0300 |
---|---|---|
committer | Brad Warren <bmw@eff.org> | 2020-08-27 21:01:21 +0300 |
commit | f18117c839df90daaf7966381532933617cd2ece (patch) | |
tree | 662ef5f50b055964cadc3a857ce3fa08ae210d4f | |
parent | 2a047eb526ee02d4bb3bb3668260ac6d481b99d3 (diff) |
fix itfix-reuse-key-params
-rw-r--r-- | certbot/certbot/_internal/renewal.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/certbot/certbot/_internal/renewal.py b/certbot/certbot/_internal/renewal.py
index c8402b018..ba7aa7675 100644
--- a/certbot/certbot/_internal/renewal.py
+++ b/certbot/certbot/_internal/renewal.py
@@ -316,7 +316,14 @@ def renew_cert(config, domains, le_client, lineage):
 domains = lineage.names()
 # The private key is the existing lineage private key if reuse_key is set.
 # Otherwise, generate a fresh private key by passing None.
- new_key = os.path.normpath(lineage.privkey) if config.reuse_key else None
+ if config.reuse_key:
+ new_key = os.path.normpath(lineage.privkey)
+ # Rather than doing this, I think we probably want to actually inspect
+ # the key since https://github.com/certbot/certbot/issues/7694 shows
+ # that the current value may not be reliable.
+ config.rsa_key_size = renewal_params.get("rsa_key_size", cli.flag_default("rsa_key_size"))
+ else:
+ new_key = None
 new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
 if config.dry_run:
 logger.debug("Dry run: skipping updating lineage at %s", |
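Review bot: In the `if config.reuse_key:` branch, `config.rsa_key_size` is overwritten from the stored renewal parameters, yet the comment added just above it says that value may not be reliable, so the config can end up describing a key size that the reused key at `lineage.privkey` does not actually have. When the parameter is absent the code falls back to `cli.flag_default("rsa_key_size")`, which silently asserts the default size for a key whose real size was never checked. Until the key itself is inspected, I would record the gap as a tracked marker rather than an opinion, e.g. `# TODO(#7694): read the size from the key at lineage.privkey; the stored rsa_key_size can be stale.`, and emit a debug log line when the fallback default is used. `renewal_params` is not defined in the visible lines and renew_cert's body continues outside the hunk, so where it comes from should be confirmed.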