In the coming months, Certbot will be switching to issuing ECDSA (secp256r1) certificates by default. This will happen in the release of Certbot 2.0.
Currently, Certbot issues 2048-bit RSA certificates by default.
We are announcing this change now in order to provide advance warning and to gather feedback from the community.
Why?
When Certbot was initially released at the end of 2015, RSA was widely considered to strike the best balance between compatibility, security, and performance. Over the last 7 years, this has changed and ECDSA is widely supported in modern web software. Since compatibility is no longer a concern, we feel this is the right time to make ECDSA the default certificate type to help people get the security and performance benefits offered by ECDSA.
This change follows the current recommendation by Mozilla for servers using TLS.
Will existing certificates be affected?
Upon the release of Certbot 2.0, new certificates will use ECDSA (secp256r1) private keys by default.
Existing certificates will not be affected.
Renewing an existing certificate using certbot renew (including via Certbot’s cron jobs, timers and scheduled tasks) will preserve the existing key type.
Renewing/replacing an existing certificate with certbot certonly/run will preserve the existing key type if running non-interactively and prompt the user to confirm the key type if running interactively.
Upgrading to Certbot 2.0
Certbot 2.0 will be fully compatible with existing Certbot installations and upgrading should not have any adverse effects.
If you installed Certbot via snap, you will automatically be upgraded to Certbot 2.0.
Windows, Docker and pip users will be able to upgrade to Certbot 2.0 at their own convenience.
Users of 3rd party packages (e.g. Debian/Ubuntu apt repositories, EPEL yum/dnf repository, Homebrew) will need to wait for those repositories to be updated before upgrading.
The best way to install Certbot is to follow the instructions at https://certbot.eff.org/instructions.
Other changes coming in Certbot 2.0
-
Certbot no longer supports versions of ACME from before the RFC 8555 standard.
-
acmeand Certbot no longer support the oldurn:acme:error:ACME error prefix. -
The Apache plugin no longer supports Apache 2.2.
-
Removed the
certbot-dns-cloudxnsplugin. -
Certbot will now error if a certificate has
--reuse-keyset and a conflicting--key-type,--key-sizeor--elliptic-curveis requested on the CLI. Use--new-keyto change the key while preserving--reuse-key. -
3rd party plugins no longer support the
dist_name:plugin_nameformat on the CLI and in configuration files. Use the shorterplugin_nameformat. -
acme.client.Client,acme.client.ClientBase,acme.client.BackwardsCompatibleClientV2,acme.mixins,acme.client.DER_CONTENT_TYPE,acme.fields.Resource,acme.fields.resource,acme.magic_typing,acme.messages.OLD_ERROR_PREFIX,acme.messages.Directory.register,acme.messages.Authorization.resolved_combinations,acme.messages.Authorization.combinationshave been removed. -
acme.messages.Directorynow only supports lookups by the exact resource name string in the ACME directory (e.g.directory['newOrder']). -
Removed the deprecated
source_addressargument foracme.client.ClientNetwork. -
The
zopebased interfaces incertbot.interfaceshave been removed in favor of theabcbased interfaces found in the same module. -
Certbot no longer depends on
zope. -
Removed deprecated function
certbot.util.get_strict_version. -
Removed deprecated functions
certbot.crypto_util.init_save_csr,certbot.crypto_util.init_save_key,
andcertbot.compat.misc.execute_command -
The attributes
FileDisplay,NoninteractiveDisplay,SIDE_FRAME,input_with_timeout,separate_list_input,summarize_domain_list,HELP, andESCfromcertbot.display.utilhave been removed. -
Removed deprecated functions
certbot.tests.util.patch_get_utility*. Plugins should now
patchcertbot.display.utilthemselves in their tests or use
certbot.tests.util.patch_display_utilas a temporary workaround. -
Certbot's test API under
certbot.testsnow usesunittest.mockinstead of the 3rd partymocklibrary.