dehydrated-io / dehydrated

letsencrypt/acme client implemented as a shell-script – just add water
https://dehydrated.io
MIT License
5.96k stars 716 forks

How to upgrade the key algorithm #897

Closed ghost closed 1 year ago

ghost commented 1 year ago

Hello!

I'm currently running with:

KEY_ALGO=prime256v1

I would like to upgrade to the secp384r1 algorithm, but it is not clear to me how to proceed. Do I just change my config KEY_ALGO to the new value and wait for auto-renewal? Do I need to change anything else in my infrastructure, for example Apache configuration?

I'd appreciate some help.

Thank you.

PS: Maybe create an UPGRADE.md file with instructions, so people like me don't open issues on GitHub?

lukas2511 commented 1 year ago

Normally you'd just need to wait for the next renewal or force a renewal.

If you have disabled PRIVATE_KEY_RENEW you'd of course need to re-enable it for this change. Also keep in mind that if PRIVATE_KEY_ROLLOVER is active, the next key was already prepared with the old algorithm.
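
The two conditions named in the reply above can be checked before changing KEY_ALGO. The script below is an added example, not part of the thread and not dehydrated's own code. The function names are hypothetical, and it assumes a plain NAME=value config file, the key file names privkey.pem and privkey.roll.pem in the per-domain certificate directory, and defaults of PRIVATE_KEY_RENEW=yes and PRIVATE_KEY_ROLLOVER=no.

```shell
#!/bin/sh
# Added example: preflight check before changing KEY_ALGO in dehydrated.
# Assumptions: config is a plain NAME=value file; the per-domain cert
# directory holds privkey.pem and, with rollover, privkey.roll.pem.

# Print a setting's value from the config file, or the given default.
cfg_get() {  # usage: cfg_get FILE NAME DEFAULT
    val=$(sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'")
    printf '%s\n' "${val:-$3}"
}

# Return 0 if the next renewal will create a key with the configured
# KEY_ALGO, 1 if a setting or a prepared key keeps the old algorithm.
check_key_algo_switch() {  # usage: check_key_algo_switch CONFIG CERTDIR
    config=$1; certdir=$2; rc=0
    renew=$(cfg_get "$config" PRIVATE_KEY_RENEW yes)    # assumed default
    roll=$(cfg_get "$config" PRIVATE_KEY_ROLLOVER no)   # assumed default
    echo "configured KEY_ALGO: $(cfg_get "$config" KEY_ALGO unset)"
    if [ "$renew" != "yes" ]; then
        echo "BLOCKED: PRIVATE_KEY_RENEW=$renew, renewals reuse the old key"
        rc=1
    fi
    if [ "$roll" = "yes" ] && [ -f "$certdir/privkey.roll.pem" ]; then
        echo "DELAYED: next key already prepared with the old algorithm"
        rc=1
    fi
    # Show the curve of the key currently in use when openssl is present.
    if [ -f "$certdir/privkey.pem" ] && command -v openssl >/dev/null 2>&1; then
        cur=$(openssl pkey -in "$certdir/privkey.pem" -noout -text 2>/dev/null |
              sed -n 's/^ASN1 OID: //p')
        echo "current key curve: ${cur:-not an EC key or unreadable}"
    fi
    return "$rc"
}

# Constructed sample: rollover enabled and a next key already on disk.
demo=$(mktemp -d)
printf 'KEY_ALGO=secp384r1\nPRIVATE_KEY_ROLLOVER="yes"\n' > "$demo/config"
mkdir -p "$demo/certs/example.org"
: > "$demo/certs/example.org/privkey.roll.pem"
check_key_algo_switch "$demo/config" "$demo/certs/example.org" ||
    echo "=> the new algorithm does not take effect on the next renewal"
rm -rf "$demo"
```

A non-zero return means the certificate issued at the next renewal will still use a key generated with the old algorithm.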