Description
Hi there,
I’m curious why the RENEW_PRIVATE_KEYS option can only be set globally and not on a per-container basis. Wouldn't it make more sense to have this configurable for each container?
My use case involves securing a single service (rspamd with Anonaddy) using TLSA/DANE, as I believe (too) many mail servers still accept self-signed certificates. If that's true(?), I would prefer to keep the existing key for the mail server while renewing the keys with each certificate for my other web services.
Additionally, I couldn't find any documentation on running two instances of acme-companion in parallel, where I could reuse the key specifically for the rspamd/mail instance. That could be another potential solution.
Alternatively, should I just set RENEW_PRIVATE_KEYS to false, switch to ec-384, and not worry about it further?
Thanks for your advice and help!
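
Added example, not part of the original post and not acme-companion code: why key reuse matters for the TLSA/DANE use case described above. It assumes a key-pinning TLSA record (usage 3, selector 1, matching type 1), a placeholder hostname `mail.example.test`, and self-signed certificates standing in for the CA-issued ones.

```shell
#!/bin/sh
# Added example: self-signed certificates stand in for CA-issued ones.
set -eu

# Generate a P-384 EC private key (the key size mentioned in the post).
new_key() {
  openssl ecparam -name secp384r1 -genkey -noout -out "$1"
}

# Issue a certificate for an existing key; each call models one renewal.
# The hostname is a constructed placeholder.
issue_cert() {
  openssl req -new -x509 -key "$1" -subj "/CN=mail.example.test" \
    -days 90 -out "$2"
}

# Hex SHA-256 of the certificate's SubjectPublicKeyInfo (DER), i.e. the
# data field of a TLSA record with usage 3, selector 1, matching type 1.
tlsa_spki_sha256() {
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER \
    | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Compare the pin across a renewal that reuses the key and one that rotates it.
demo() {
  dir=$(mktemp -d)
  new_key "$dir/key1.pem"
  issue_cert "$dir/key1.pem" "$dir/cert1.pem"   # initial issuance
  issue_cert "$dir/key1.pem" "$dir/cert2.pem"   # renewal, key reused
  new_key "$dir/key2.pem"
  issue_cert "$dir/key2.pem" "$dir/cert3.pem"   # renewal, key rotated
  for c in cert1 cert2 cert3; do
    printf '%s: _25._tcp.mail.example.test. IN TLSA 3 1 1 %s\n' \
      "$c" "$(tlsa_spki_sha256 "$dir/$c.pem")"
  done
  rm -rf "$dir"
}

demo
```

cert1 and cert2 print the same digest, so a published 3 1 1 record stays valid across renewals that reuse the key. cert3 prints a different digest, so a rotated key needs its TLSA record published before the new certificate is deployed.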