petercooperjr:
certbot certificates
Certificate Name: katboose.com
Serial Number: 328b7907cd4755cda84ace8401a54bc6d96
Key Type: ECDSA
Domains: katboose.com
Expiry Date: 2023-10-30 14:33:30+00:00 (VALID: 68 days)
Certificate Path: /etc/letsencrypt/live/katboose.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/katboose.com/privkey.pem
certbot 2.6.0
Thank you. Here's what I'd try. (With the caveat that I haven't actually tried this myself.)
First:
certbot reconfigure --cert-name katboose.com --elliptic-curve=secp384r1
That will change your configuration for that certificate to use P-384 for future certificates.
Then, to test it,
certbot renew --cert-name katboose.com --dry-run
Which will try against the staging server.
Assuming that works, you can then:
certbot renew --cert-name katboose.com --force-renewal
Which will replace your certificate with a new one using the new configuration. Note that this is one of the rare times to use --force-renewal, for getting a new certificate even though you already have one. If that doesn't work the way you expect, don't keep using it because you'll start abusing Let's Encrypt's resources and it'll rate limit you.
6 Likes
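A check that can follow the forced renewal described above, confirming that the replaced certificate really carries a P-384 key. This is an added example, not part of the original posts: the function names are hypothetical, and the sample certificates are constructed self-signed ones generated locally with openssl so the script runs offline.

```shell
#!/bin/sh
# Added example: confirm which curve a certificate's public key uses.
# Function names are hypothetical; sample certs are constructed test data.

# cert_curve FILE -> prints the named curve of the first certificate in FILE
# (in fullchain.pem that is the leaf), or "not-ec" for a non-EC key.
# Returns 2 if openssl cannot read the file.
cert_curve() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    curve=$(printf '%s\n' "$text" | sed -n 's/^ *ASN1 OID: *//p' | head -n 1)
    printf '%s\n' "${curve:-not-ec}"
}

# check_curve FILE WANT -> returns 0 only if the certificate's curve is WANT.
check_curve() {
    got=$(cert_curve "$1") || { echo "cannot read $1" >&2; return 2; }
    [ "$got" = "$2" ] && return 0
    echo "$1: expected $2, found $got" >&2
    return 1
}

# make_sample_ec_cert CURVE OUTFILE -> constructed self-signed certificate
# used only to exercise the check (not a Let's Encrypt certificate).
make_sample_ec_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:"$1" -nodes \
        -keyout "$2.key" -out "$2" -subj "/CN=example.test" -days 1 2>/dev/null
}

# Demo on constructed certificates. openssl calls P-256 "prime256v1".
tmp=$(mktemp -d)
make_sample_ec_cert secp384r1 "$tmp/p384.pem"
make_sample_ec_cert prime256v1 "$tmp/p256.pem"
check_curve "$tmp/p384.pem" secp384r1 && echo "p384.pem: OK"
check_curve "$tmp/p256.pem" secp384r1 || echo "p256.pem: not on P-384 yet"
rm -rf "$tmp"

# Real use, with the certificate path shown in the post above:
#   check_curve /etc/letsencrypt/live/katboose.com/fullchain.pem secp384r1
```

Running the check after the dry run will still show the old curve, since a dry run does not replace the certificate on disk.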
petercooperjr:
certbot certificates
This worked beautifully, thank you. If I needed to start something new, how do I ensure certbot installs ECDSA 384 instead?
1 Like
Just add --elliptic-curve=secp384r1 to the certbot command for your new certificate, along the lines of
certbot run -d example.com --elliptic-curve=secp384r1
Or whatever the command is that you're using.
6 Likes
rg305
August 23, 2023, 2:30pm
25
There may be a way to add that parameter to all new certs by inserting it in the "global default" cli.ini file.
See: User Guide — Certbot 2.6.0 documentation (eff-certbot.readthedocs.io)
5 Likes