starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 22:30:44 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

RSA key 4096 #146

New Issue
Closed
opened 2025-12-29 00:25:50 +01:00 by adam · 4 comments
adam commented 2025-12-29 00:25:50 +01:00
Owner
Copy Link

Originally created by @venigo on GitHub (Sep 15, 2016).

Howto set all certs on 4096 to get a better score?

I run the script like ./letsencrypt.sh -c

The output:

1 Sent by server
Fingerprint SHA1: 1bc48b413fb0fd446161f284050ee7d955a2c13d
Pin SHA256: 8d4OB2KT3OBcUvgs8BiZrqjPhNyozJNNBBexbQ0Q9MA=
RSA 4096 bits (e 65537) / SHA256withRSA
2 Sent by server Let's Encrypt Authority X3
Fingerprint SHA1: e6a3b45b062d509b3382282d196efe97d5956ccb
Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=
RSA 2048 bits (e 65537) / SHA256withRSA
3 In trust store DST Root CA X3 Self-signed
Fingerprint SHA1: dac9024f54d8f6df94935fb1732638ca6ad77c13
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate

Originally created by @venigo on GitHub (Sep 15, 2016). Howto set all certs on 4096 to get a better score? I run the script like ./letsencrypt.sh -c The output: > 1 Sent by server > Fingerprint SHA1: 1bc48b413fb0fd446161f284050ee7d955a2c13d > Pin SHA256: 8d4OB2KT3OBcUvgs8BiZrqjPhNyozJNNBBexbQ0Q9MA= > RSA 4096 bits (e 65537) / SHA256withRSA > 2 Sent by server Let's Encrypt Authority X3 > Fingerprint SHA1: e6a3b45b062d509b3382282d196efe97d5956ccb > Pin SHA256: YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg= > RSA 2048 bits (e 65537) / SHA256withRSA > 3 In trust store DST Root CA X3 Self-signed > Fingerprint SHA1: dac9024f54d8f6df94935fb1732638ca6ad77c13 > Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= > RSA 2048 bits (e 65537) / SHA1withRSA > Weak or insecure signature, but no impact on root certificate
adam closed this issue 2025-12-29 00:25:51 +01:00
adam commented 2025-12-29 00:25:51 +01:00
Author
Owner
Copy Link

@lukas2511 commented on GitHub (Sep 15, 2016):

The certificates generated by this script are using 4096 bit RSA keys by default, the 2048 bit key ist the root CA key which was generated by Let's Encrypt.

@lukas2511 commented on GitHub (Sep 15, 2016): The certificates generated by this script are using 4096 bit RSA keys by default, the 2048 bit key ist the root CA key which was generated by Let's Encrypt.
adam commented 2025-12-29 00:25:52 +01:00
Author
Owner
Copy Link

@venigo commented on GitHub (Sep 15, 2016):

Thank you for the reply,

So how can I fix this (not an expert user).
Remove the 2 2048 bit ca keys? How?

2016-09-15 10:43 GMT+02:00 Lukas Schauer notifications@github.com:

The certificates generated by this script are using 4096 bit RSA keys by
default, the 2048 bit key ist the root CA key which was generated by Let's
Encrypt.


You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/lukas2511/dehydrated/issues/276#issuecomment-247271052,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AMDb4UlUb55yVylR5u46zA2tWc5hGFRHks5qqQU-gaJpZM4J9lsz
.

@venigo commented on GitHub (Sep 15, 2016): Thank you for the reply, So how can I fix this (not an expert user). Remove the 2 2048 bit ca keys? How? 2016-09-15 10:43 GMT+02:00 Lukas Schauer notifications@github.com: > The certificates generated by this script are using 4096 bit RSA keys by > default, the 2048 bit key ist the root CA key which was generated by Let's > Encrypt. > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > https://github.com/lukas2511/dehydrated/issues/276#issuecomment-247271052, > or mute the thread > https://github.com/notifications/unsubscribe-auth/AMDb4UlUb55yVylR5u46zA2tWc5hGFRHks5qqQU-gaJpZM4J9lsz > .
adam commented 2025-12-29 00:25:52 +01:00
Author
Owner
Copy Link

@venigo commented on GitHub (Sep 15, 2016):

Is it in the sh script..

Is it possible to add --rsa-key-size 4096?

@venigo commented on GitHub (Sep 15, 2016): Is it in the sh script.. Is it possible to add --rsa-key-size 4096?
adam commented 2025-12-29 00:25:52 +01:00
Author
Owner
Copy Link

@minagerges commented on GitHub (Sep 15, 2016):

@venigo , there is no further action required from your side or this repository owner, everything is working as it should and as you expect.
You can not change anything related to the intermediate cert or ca cert.
Google is your friend to get more knowledge on digital certs.

@minagerges commented on GitHub (Sep 15, 2016): @venigo , there is no further action required from your side or this repository owner, everything is working as it should and as you expect. You can not change anything related to the intermediate cert or ca cert. Google is your friend to get more knowledge on digital certs.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#146
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?