It is supposed to be. However there are clients that create a new account for each certificate issuance attempt but they’re not following the spec.
The account is how things like rate limit increases, or binding an account to an external service takes place. On Thu, Nov 28, 2024 at 22:33 Michael Richardson <[email protected]> wrote: > > Aaron Gable <[email protected]> wrote: > > > Hi Michael, > > > On Wed, Nov 27, 2024, 15:59 Michael Richardson < > [email protected]> > > wrote: > > >> > > I'm unclear from reading 8555 if this key is retained across orders > >> (like a renewal 60 days later), or if a new key is generated each > time. > >> Is the newAccount key always the same key as the CSR key? > >> > > > The account key is almost never the same as the CSR key -- they serve > > different purposes and have different security properties, so the > same key > > should not be used for both. In fact, Let's Encrypt rejects CSRs > which > > contain a pubkey that is also in use as an account key. > > Thank you for the clarification. > So then, is the account key retained across invocations? > > > -- > Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > > > > > _______________________________________________ > Acme mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ Acme mailing list -- [email protected] To unsubscribe send an email to [email protected]
