When you use --csr
, certbot doesn’t put things in /etc/letsencrypt/
like normal, it just drops the files in the current directory.
From reading https://github.com/certbot/certbot/issues/4182 it seems that 0001_chain.pem
is the equivalent of what would normally be fullchain.pem
.
I’m not sure why you skipped the | openssl ec -out ecdsa.key
part of the command, but if openssl was happy to accept the resulting ecdsa.key
then I guess maybe nginx could too? If not you can run openssl ec -out privkey.pem < ecdsa.key
and use that instead.
Personally I prefer to use acme.sh for my ECDSA certs.