--reuse-key ambiguity

[bmw]

If you run

sudo certbot -d example.org --standalone certonly

Certbot will obtain a certificate using a 2048 bit RSA key.

If you then run

sudo certbot -d example.org --standalone certonly --force-renewal --rsa-key-size 4096 --reuse-key

the current 2048 bit RSA key is reused in the new certificate and the resulting renewal configuration file contains the following renewal parameters

reuse_key = True
rsa_key_size = 4096

I don't think this is the correct behavior. We had a brief conversation about this in Mattermost, where most people thought erroring out was the correct behavior.

This probably seems right, however, I then think we need a way to specify that a new key should be created and that key should be used for subsequent renewals. Peng suggested maybe using a separate flag for this?

I think we should fix this, however, I think this is technically a breaking change and should be done a little cautiously.

[ohemorange]

+1 to @m0namon's suggestion of erroring out with a helpful message.

[stale]

We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.

[alexzorin]

This probably seems right, however, I then think we need a way to specify that a new key should be created and that key should be used for subsequent renewals. Peng suggested maybe using a separate flag for this?

I've been looking at --reuse-key scenarios and it's mainly this question that's standing out.

Would it make sense to do a similar thing as we do for "unexpected key type migration"? That is:

• For interactive mode, an interactive prompt (1: Create a new key, or 2: Keep using the existing key). Both options would retain reuse_key.
• For non-interactive mode, error out: user needs to provide --cert-name in order to confirm the creation of a new key.

[bmw]

One problem I have is I think --reuse-key is ambiguous, even with --cert-name. When modifying an existing lineage with any subcommand which of the following does --reuse-key mean:

1. Reuse the existing key
2. Generate a new key and then reuse that key on subsequent renewals

I think currently it means (1) and I'm not sure the presence of --cert-name should change its behavior to (2). What's stopping a user from meaning (1) but still using --cert-name?

The details of the interactions with various other settings would need to be worked out, but the approach that I think I'd currently like the best would be to introduce a flag like --generate-and-reuse-key. After introducing this flag, --reuse-key would always mean (1) and the new flag would always mean (2). What do you think about something like this?

[adferrand]

Just to build on the potential alternatives, what about --new-key that always means "generate a new key" for commands that issue a new cert, --reuse-keythat always means "reuse key during renewal", and use both flags to say "generate a new key and reuse it during renewals"?

[alexzorin]

For sure renew --reuse-key is ambiguous. Certbot can always error in that case, directing them to certonly/run.

One problem I have is I think --reuse-key is ambiguous, even with --cert-name. When modifying an existing lineage with any subcommand which of the following does --reuse-key mean:

1. Reuse the existing key
2. Generate a new key and then reuse that key on subsequent renewals

I'm not feeling the {certonly,run} --reuse-key ambiguity.

Maybe I am alone with this, but I've always understood these verbs as generating a certificate from scratch, without looking at or inheriting the parameters of any previous lineages. It just happens to have the same certificate name.

From that perspective, it seems consistent that (2) is the unambiguous meaning.

The old lineage is only relevant in that we are adding a guardrail to prevent the user accidentally changing key types (or key parameters under reuse_key), as they overwrite the old lineage with a fresh one.

I guess I'm holding onto the idea that we could avoid a new flag, especially since it only applies to a rare case (reuse_key + key param change + non-interactive).

What do you think?

[adferrand]

But certonly and run are not always generating a new certificate from scratch: if a certificate already exists for this lineage and is not due to removal, certbot will skip the entire process, making this an equivalent, at least at first sight, to the renew verb.

So I think there is indeed an ambiguity with these verbs and so the interpretation of what --reuse-keywill do.

It seems that a dedicated flag, either on the specific combination of key for new cert + reuse on renew, or to do a combination of two flags (have you seen my proposition above ?) is the only way to build a clear and unique meaning for each flag.

[alexzorin]

making this an equivalent, at least at first sight, to the renew verb.

Initially I was disagreeing here, because renewal via {certonly,run} does not reconstitute renewal params (including reuse_key). In that sense, it is not equivalent to the renew verb.

But, thinking on this some more, Certbot already applies key reuse if doing a renewal via {certonly,run}.

If that's the behavior we want to keep for 2.0, then yes, I agree that a new flag like --new-key makes sense.