The Autocert <https://github.com/golang/crypto/blob/master/acme/autocert/autocert.go#L427>seem to create a new certificate from `rand` instead of use the same private key already existent. It seems to be the same behavior of the Certbot <https://community.letsencrypt.org/t/do-new-private-keys-get-regenerated-on-certificate-renewal/21486> .
It’s makes impossible to pinning the key, using *HPKP* or using the* CURLOPT_PINNEDPUBLICKEY*, and so on. My suggestion is to include a way to specify the value, rather than create a new random value each time. It can be something like `seed`, a random value generated previously, inside the `Manager` struct. Another option is creating some Boolean `random` that allow to specify if it need to be random or *reuse *the private key. In both cases, it will allow to renew the certificate with the same private key. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
