How to obtain ECDSA cert (in addition to RSA) with certbot?

When you use --csr, certbot doesn’t put things in /etc/letsencrypt/ like normal, it just drops the files in the current directory.

From reading https://github.com/certbot/certbot/issues/4182 it seems that 0001_chain.pem is the equivalent of what would normally be fullchain.pem.

I’m not sure why you skipped the | openssl ec -out ecdsa.key part of the command, but if openssl was happy to accept the resulting ecdsa.key then I guess maybe nginx could too? If not you can run openssl ec -out privkey.pem < ecdsa.key and use that instead.

Personally I prefer to use acme.sh for my ECDSA certs.

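The key clean-up mentioned in the reply, followed by a check that the CSR really carries the cleaned key, as an added example that is not part of the original post or of certbot. The curve `prime256v1`, the file names other than `ecdsa.key` and `privkey.pem`, the domain `example.com` and all function names are assumptions.

```shell
#!/bin/sh
# Added example. Curve, file names and example.com are assumptions.
set -eu

# True if the PEM file still carries the "EC PARAMETERS" block that
# `openssl ecparam -genkey` writes ahead of the private key.
has_param_block() { grep -q 'BEGIN EC PARAMETERS' "$1"; }

# The command from the post: rewrite the key without the parameter block.
strip_params() {  # $1 = input key, $2 = output key
    ( umask 077; openssl ec -out "$2" < "$1" 2>/dev/null )
}

# DER CSR for one domain (CN plus matching SAN), signed with the EC key.
make_csr() {  # $1 = key, $2 = CSR output path, $3 = domain
    openssl req -new -sha256 -key "$1" -subj "/CN=$3" \
        -addext "subjectAltName=DNS:$3" -outform DER -out "$2"
}

# SHA-256 over the DER public key, taken from the private key and from the CSR.
key_pub_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}
csr_pub_hash() {
    openssl req -in "$1" -inform DER -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if the CSR was built from this private key.
csr_matches_key() {  # $1 = key, $2 = CSR
    [ "$(key_pub_hash "$1")" = "$(csr_pub_hash "$2")" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT   # throwaway demo key, removed on exit
openssl ecparam -genkey -name prime256v1 -out "$work/ecdsa.key" 2>/dev/null
strip_params "$work/ecdsa.key" "$work/privkey.pem"
make_csr "$work/privkey.pem" "$work/ecdsa.csr" example.com
csr_matches_key "$work/privkey.pem" "$work/ecdsa.csr" && echo "CSR matches privkey.pem"
# Next step (not run here): hand ecdsa.csr to certbot via --csr. As the post
# says, the results land in the current directory, so keep privkey.pem with them.
```

Run the same `csr_matches_key` check before installing the issued files, since with `--csr` certbot never sees the private key and cannot pair it with the certificate for you.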