[Bug]: step ca rekey does not create new keys when used with the --daemon flag #1343

Open
@mikerquinn

Steps to Reproduce

step ca rekey ssl-cert.pem ssl-cert.key --force --exec post_renew.sh works like it should but
step ca rekey ssl-cert.pem ssl-cert.key --force --exec post_renew.sh --rekey-period 1m --daemon just renews without a new key

Your Environment

  • OS - Linux Ubuntu 24.04
  • step CLI Version - Smallstep CLI/0.27.2 (linux/amd64)
    Release Date: 2024-7-18T18:15:09Z

Expected Behavior

I expected the certificate to be renewed with a new private key.

Actual Behavior

It is renewed with the same key, same as if you had run step ca renew. This only happens when running with the --daemon flag.

Additional Context

Brought this up on the Discord and "Dopey" requested that I put in an issue.

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
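
A way to check for the behaviour reported above, as an added example that is not part of the original issue or of the step project: it compares the SHA-256 fingerprint of the certificate's public key with the one recorded on the previous run, so a renewal that kept the old key is flagged. It assumes `openssl` is installed; the function names and the state-file argument are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the issue or the step project.
# Compares SHA-256 fingerprints of the SubjectPublicKeyInfo (SPKI) to tell
# whether a renewal really produced a new key pair.

# Hash a PEM public key read from stdin (DER form, so formatting is irrelevant).
hash_pub() {
  openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Fingerprint of the public key embedded in a PEM certificate.
spki_fingerprint() {
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pub" | hash_pub
}

# Fingerprint of the public half of an unencrypted PEM private key.
key_fingerprint() {
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pub" | hash_pub
}

# check_rekey CERT KEY STATE_FILE   (STATE_FILE is a hypothetical path)
# returns 0: new key (or first run), 1: same key as last run,
#         2: certificate/key unreadable or not a matching pair
check_rekey() {
  cur=$(spki_fingerprint "$1") || return 2
  [ -n "$cur" ] || return 2
  [ "$cur" = "$(key_fingerprint "$2")" ] || return 2
  prev=$(cat "$3" 2>/dev/null || true)
  printf '%s\n' "$cur" > "$3"      # remember the key seen on this run
  [ -z "$prev" ] && return 0       # nothing recorded yet
  [ "$cur" != "$prev" ]
}

# When called with three arguments, report the result and exit with its code.
if [ "$#" -eq 3 ]; then
  rc=0; check_rekey "$@" || rc=$?
  case $rc in
    0) echo "OK: certificate carries a new key pair" ;;
    1) echo "WARNING: certificate was renewed with the same key" >&2 ;;
    *) echo "ERROR: certificate and key unreadable or mismatched" >&2 ;;
  esac
  exit "$rc"
fi
```

Run with the certificate, the key and a state file as arguments after each renewal, it exits 1 when the key was reused.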

Labels: bug, needs triage (Waiting for discussion / prioritization by team)
