Hi folks,
in order to switch from rsa to ecdsa keys, i checked the documentation how to do it:
# Use ECC for the private key
key-type = ecdsa
elliptic-curve = secp384r1
So i wanted to edit my .conf file but noticed that it looks different:
rsa_key_size = 4096
key_type = rsa
As you can see, underscores are used instead of hyphen.
What is correct?
You should not edit the certificate renewal configuration files by hand, but use the CLI options with the reconfigure subcommand.
Can you tell why not? The official documentation states:
If you want to use ECDSA keys for all certificates in the future (including renewals of existing certificates), you can add the following line to Certbot’s configuration file:
key-type = ecdsa
Anyway, i used certbot reconfigure --cert-name domain.tld --key-type ecdsa like you suggested.
Seems like it worked. Underscores are used, so i assume, the documentation is wrong.
That's for the cli.ini configuration file, not the renewal configuration files in the /renewal/ directory.
The documentation is fine, you're just misinterpreting it.
Although the "Certificate specific configuration choices should be set in the .conf files that can be found in /etc/letsencrypt/renewal." part is confusing and should probably just be removed. People should not modify those manually. I'll make a PR on GitHub to remove that part.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.