How to change SSL Key size for Let's Encrypt keys?

SYSTEM INFORMATION
OS type and version Ubuntu 22.04
Virtualmin version 7.9.0

I’ve changed settings in Webmin and Virtualmin to set the default SSL key size to a larger value than 2048 but all regenerated keys are still the default length of 2048.
To be specific, the settings under:
Virtualmin > System Settings > Virtualmin Config > SSL Settings > Default SSL Key Size
and
Webmin > Webmin > Webmin Configuration > [Gear Icon] > Let's Encrypt Configuration

Both have been changed, but the generated key is still 2048 bits.

How do I force Virtualmin to request a larger key size from LE?

Thanks for your time.

Virtualmin > System Settings > Virtualmin Configuration > SSL Settings

Thanks. As per the original post (which I have now clarified) I already set those settings. The value shows 4096 but the key that is requested from LE still shows 2048 bits key size when I inspect the key file.

This is either a bug or there is a setting hidden away somewhere that overrides the default.
I can’t seem to find key size related settings in server templates or plan settings. I’ve disabled reuse key, and tried to get a cert for a different domain, and still cannot get a cert with the appropriate key size for any domain on the server…

If I make use of certbot directly, will it play well with whatever Virtualmin does or would this potentially break SSL or other service configs?

Oh yeah, this is definitely a bug!

The only way I was able to get the key to actually update was to remove it manually before requesting a new key.
This is far from ideal for a workflow and puts services at risk of failure while the certs are requested.
No documentation or tool-tips to suggest this is normal behavior. No indication of what is actually happening with certbot/LE under the hood either.

So in my opinion, some better documentation and UI around this would be great to avoid confusing hours of settings boxing and searches that yield no applicable results.

I’d mark this solved, but honestly the bug exists and the solution is a fix that doesn’t require deleting the files in order to effectively change settings.

In Rocky 9 I change to 4096 and I get an error requesting a new certificate.

Seems like it's trying to set a new size, but it's using the same key by the looks.

You can’t “upgrade” a key by changing its key size. The only option is to create a new one.

If I change settings that are directly related to certificates, and the key they are a pair with, then click a button that says “Request Certificate” it should respect the settings that are changed. Re-use key is disabled, and the key size setting is changed. There is not a button that says “Get New Key” and there is no indication in the UI that anything prevented a Key update. It just prints business as normal, got a new cert, restarting services.

The UI image posted by stefan1959 is not what I see when using Authentic Theme 21.09.5 in dark mode. Perhaps there is another option elsewhere that enables that really handy log output shown above?

Maybe there should be a button that says “Update SSL Key” in addition to “Request Certificate” on the Let's Encrypt page…

Maybe this one needs to be removed to generate a new one.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
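The symptom discussed in this thread (a certificate is reissued but the old 2048-bit key is silently kept) can be checked from the shell. The script below is an added example, not part of the original posts and not Virtualmin code; the function names are hypothetical, the key and certificate paths are whatever the caller passes in, and `demo` uses a throwaway key and self-signed certificate constructed on the spot.

```shell
#!/bin/sh
# Added example, not Virtualmin code. File paths are supplied by the caller.

# Bit length of a private key, e.g. 2048.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}
# Bit length of the public key inside a certificate.
cert_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}
# SHA-256 over the DER public key, from a private key or from a certificate.
key_fingerprint() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}
cert_fingerprint() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# check_reissue KEY CERT MIN_BITS [OLD_KEY_FINGERPRINT]
# 0 = fresh key of the wanted size and the certificate belongs to it.
check_reissue() {
    kb=$(key_bits "$1"); cb=$(cert_bits "$2")
    [ -n "$kb" ] && [ -n "$cb" ] || { echo "cannot read key or cert"; return 2; }
    fp=$(key_fingerprint "$1")
    [ "$fp" = "$(cert_fingerprint "$2")" ] ||
        { echo "certificate was not issued for this key"; return 3; }
    [ "$kb" -ge "$3" ] || { echo "key is $kb bits, wanted >= $3"; return 4; }
    [ "$fp" != "${4:-}" ] || { echo "old key was reused"; return 5; }
    echo "ok: new $kb-bit key, certificate matches"
}

# Constructed demo: a throwaway 2048-bit key and self-signed certificate stand
# in for a domain's files after a "renewal" that silently kept the old key.
demo() {
    tmp=$(mktemp -d)
    openssl genrsa -out "$tmp/k" 2048 2>/dev/null
    openssl req -x509 -new -key "$tmp/k" -subj "/CN=example.test" -days 1 \
        -out "$tmp/c" 2>/dev/null
    check_reissue "$tmp/k" "$tmp/c" 4096 "$(key_fingerprint "$tmp/k")"; rc=$?
    rm -rf "$tmp"; return "$rc"
}
case "${1:-}" in demo) demo ;; esac
```

To use it on a real domain, record `key_fingerprint` of the existing key before requesting the certificate and pass it as the fourth argument to `check_reissue` afterwards.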