When creating a certificate request (csr), previously, if a key existed DA would reuse it as to not break the existing key. However, if the old key was 1024 and the certificate request was for 2048 bits, the old 1024 key would still be used. This fix checks the old key for it's bit size. If it's a mismatch to the request, the old key is backed up to: /home/user/backup-domain.com-1024-bit.key or /home/user/backup-domain.com-2048-bit.key (if they go back to 1024) The new bit-size key will be installed. Since the new key no longer matches the old certificate, DA will swap the User to use the shared server certificate until they get the new value back. Note that the User *can* restore his old key/cert pair by copying the contents of the above backup key into the ssl window along with the old certificate that is present there... However, the User *must* copy/backup the new cert that is in the ssl window or else it will be lost and the newly requested certificate will be invalid. SKINS: user/ssl_request.html add: |*if NOTICE!=""| <tr><td class=listwrap><b>|NOTICE|</b></td></tr> |*endif| in the table, just below the first listtitle line. THis is what notifies the User that their key has been changed.