ECDSA certificate letsencrypt from csr HSM Luna Client

Try this just to compare CSR files:

./acme.sh --issue -k ec-256 --domain "justa.test" --server
openssl req -text -noout -in /root/.acme.sh/justa.test_ecc/justa.test.csr
1 Like

syntax error

Usage: acme.sh --issue --domain <domain.tld> --webroot

This procedure is not from an HSM CSR file ))

Based on the information you've given I presume that you're able to submit a CSR with an EC key just fine, but the resulting certificate you get back is signed by Let's Encrypt R3, which has an RSA key.

That's because Let's Encrypt currently only issues from its ECDSA intermediate (E1) for allow-listed accounts. Please see these links for more information:

Also, based on crt.sh data you've already issued 5 duplicate certificates this week, which means that you're now rate limited. Please use the staging environment for testing.

I should also note that the certificates you have issued are in fact ECDSA certificates. Let's Encrypt does not and cannot change the key type you use (it can only accept or refuse them). Therefore your certificates are perfectly fine ECDSA. They're just signed by an RSA intermediate. Let's Encrypt does offer a full ECDSA chain for selected accounts, see the links above.

4 Likes
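The distinction made in the reply above (the key in the certificate is ECDSA, only the issuer's signature is RSA) can be checked locally. The following is an added example, not part of any post in this thread: it builds a throwaway RSA issuer and an EC P-256 CSR, signs one with the other, and reads the two algorithm fields back. All keys and file names are constructed for the demo, and the self-signed RSA issuer is only a stand-in for an RSA intermediate such as R3.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and name below is generated locally.

make_demo_cert() {
    # $1 = working directory
    d=$1
    # Stand-in RSA issuer (self-signed here for brevity).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Constructed RSA Issuer" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    # EC P-256 subscriber key and CSR, as an HSM or acme.sh -k ec-256 would produce.
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/leaf.key"
    openssl req -new -key "$d/leaf.key" -subj "/CN=justa.test" -out "$d/leaf.csr"
    # The issuer signs the CSR; the subject public key is copied unchanged.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -sha256 -out "$d/leaf.pem" 2>/dev/null
}

alg_of() {
    # $1 = openssl subcommand (req | x509), $2 = PEM file, $3 = field label
    openssl "$1" -in "$2" -noout -text | sed -n "s/^ *$3: *//p" | head -n 1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_cert "$demo_dir"

echo "CSR  public key : $(alg_of req  "$demo_dir/leaf.csr" 'Public Key Algorithm')"
echo "Cert public key : $(alg_of x509 "$demo_dir/leaf.pem" 'Public Key Algorithm')"
echo "Cert signed with: $(alg_of x509 "$demo_dir/leaf.pem" 'Signature Algorithm')"
```

The "Public Key Algorithm" field describes the subscriber's key; the "Signature Algorithm" field describes the issuer's key, which is why an ECDSA certificate can show an RSA signature.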
