In the coming months, Certbot will be switching to issuing ECDSA (secp256r1) certificates by default. This will happen in the release of Certbot 2.0. Currently, Certbot issues 2048-bit RSA certificates by default. We are announcing this change now in order to provide advance warning and to gather …

Only the default key type for new certificates is changing. If you want to keep using RSA 2048-bit certificates, you can use the CLI flags which have been available since Certbot 1.10.0: --key-type rsa --rsa-key-size 2048

ECDSA certificates by default and other upcoming changes in Certbot 2.0

Client dev

saudiqbal May 4, 2022, 6:41pm 2

Is it going to be a short X2 chain?

2 Likes

Topic		Replies	Views
Existing RSA key/cert renewed as ECDSA on Certbot upgrade Client dev	11	5812	April 27, 2023
Certbot 1.10.0 Release Client dev	9	3267	January 23, 2021
--reuse-key should imply --reuse-key-type Help	9	1183	May 26, 2023
Certbot 2.5.0 Release Client dev	1	1115	May 4, 2023
Renew using "certbot certonly" asks: update key type to ECDSA? Issuance Tech	4	6489	May 21, 2023

ECDSA certificates by default and other upcoming changes in Certbot 2.0

Related topics