I’m pretty new to setting up web servers with SSL/HTTPS and even after reading through the certbot documentation, searching this forum and using Google, I can’t figure it out myself and would need some help.
I already managed to obtain certificates encrypted with RSA, but after reading about ECDSA having slight speed advantages during TLS handshake I wanted to follow the guide of @ScottHelme (https://scotthelme.co.uk/ecdsa-certificates/), but use certbot instead of acme_tiny.py.
So I ran the commands from the guide and additionally the certbot command:
```
# OpenSSL's name for the P-256 curve is prime256v1
openssl ecparam -genkey -name prime256v1 > ecdsa.key
# (and entered fqdn when asked for)
openssl req -new -sha256 -key ecdsa.key -out ecdsa.csr
certbot certonly -d host.domain.tld --dns-digitalocean --server https://acme-v02.api.letsencrypt.org/directory --csr ecdsa.csr --cert-name host.domain.tld
```
The request for certificates was somewhat successful. The return message of certbot informed me that the certificate has been successfully obtained. However, I was expecting that four new files were placed under
as usual. Instead there were only the following files created under the current directory (my home directory at that point) and not in the letsencrypt directory:
0000_cert.pem 0000_chain.pem 0001_chain.pem
So my questions are:
- What should my certbot command look like, so that the expected cert files are put into the existing
- Where is my fullchain.pem which I need for the nginx web server config?
- Am I right, that I can use my ecdsa.key as keyfile for nginx just like that:
- Something else I’m missing?
I understand that I need to extend my current nginx config after I got all the files from:
and that I need to have cipher suites that use ecdsa. So right now I have:
Thank you very much for any help and pointing me in the right direction. And please excuse me if I’m asking a stupid question.
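
A check related to the key-file question above, as an added example that is not part of the original post: a certificate issued from a CSR carries the CSR's public key, so comparing public-key fingerprints with openssl shows whether a private key belongs to a certificate. The function names, `other.key` and the self-signed certificate standing in for `0000_cert.pem` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a private key,
# a CSR and a certificate all carry the same public key.

# Print the SHA-256 of the DER public key found in a key, CSR or certificate.
pub_fp() {  # usage: pub_fp key|csr|cert FILE
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable input must never compare equal
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if CERT, CSR and KEY all carry the same public key.
key_matches() {  # usage: key_matches CERT CSR KEY
    c=$(pub_fp cert "$1") && r=$(pub_fp csr "$2") && k=$(pub_fp key "$3") &&
        [ "$c" = "$r" ] && [ "$r" = "$k" ]
}

# Create constructed sample files in DIR. The self-signed certificate only
# stands in for an issued 0000_cert.pem so the check can run offline.
make_sample() {  # usage: make_sample DIR
    ( cd "$1" &&
      openssl ecparam -genkey -name prime256v1 -noout -out ecdsa.key &&
      openssl ecparam -genkey -name prime256v1 -noout -out other.key &&
      openssl req -new -sha256 -key ecdsa.key -subj "/CN=host.domain.tld" \
          -out ecdsa.csr &&
      openssl req -x509 -new -key ecdsa.key -subj "/CN=host.domain.tld" \
          -days 1 -out 0000_cert.pem
    ) 2>/dev/null
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d) && make_sample "$demo_dir" &&
    key_matches "$demo_dir/0000_cert.pem" "$demo_dir/ecdsa.csr" \
        "$demo_dir/ecdsa.key" &&
    echo "ecdsa.key matches the certificate and CSR"
```
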