Re-use private key (For TLSA/DANE)


I’ve got Certify The Web up-and-running for LE certificates. However when renewing the certificates, a new private key is also generated. This does not work for a webserver using DANE/TLSA, since the DNS records manually needs to be updated.

For certbot there’s the ‘–keep --reuse-key=true’ possibility, but what about Certify The Web?


Yes, if you look under your managed certificate settings under Certificate > Advanced > Signing & Security there is an option under Private Key “Use same Private Key for renewals.”, you will then need to request your cert again and the private key used will be saved for re-use from then on.

Alternatively, you could provide your own custom CSR file (based on a private key you hold).

Aaah, got it :). Totally missed the Advanced section. Thank your for your assistance

1 Like