Renew private key by default, but keep option to disable this feature

diff --git a/docs/examples/config.sh.example b/docs/examples/config.sh.example
index 9bb943dc766cc971be8997df04428171c640b1a9..a3a45784557b7b22df250f3cb84f387507a35c1c 100644 (file)
--- a/docs/examples/config.sh.example
+++ b/docs/examples/config.sh.example
@@ -63,8 +63,8 @@
 # Minimum days before expiration to automatically renew certificate (default: 30)
 #RENEW_DAYS="30"
 
-# Regenerate private keys instead of just signing new certificates on renewal (default: no)
-#PRIVATE_KEY_RENEW="no"
+# Regenerate private keys instead of just signing new certificates on renewal (default: yes)
+#PRIVATE_KEY_RENEW="yes"
 
 # Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
 #KEY_ALGO=rsa

diff --git a/letsencrypt.sh b/letsencrypt.sh
index 99493d0ac0ef0e287ce8e0b46aa7ba352f4095bd..e4a0af702508fc29534604659fb3389f91f8d11b 100755 (executable)
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -71,7 +71,7 @@ load_config() {
   ACCOUNT_KEY_JSON=
   KEYSIZE="4096"
   WELLKNOWN=
-  PRIVATE_KEY_RENEW="no"
+  PRIVATE_KEY_RENEW="yes"
   KEY_ALGO=rsa
   OPENSSL_CNF="$(openssl version -d | cut -d\" -f2)/openssl.cnf"
   CONTACT_EMAIL=