Using certbot, I can generate certs using standalone/webroot with no issues.
Afaict from the docs page (https://certbot.eff.org/docs/using.html#command-line-options), there’s no option for EC cert signing. I can of course get rsa certs with various key sizes (–rsa-key-size )
It states both
ECDSA Intermediates ETA: Before March 31, 2017 Let’s Encrypt only signs end-entity certificates with RSA intermediates. We will add the ability to have end-entity certs signed by an ECDSA intermediate.
ECDSA Signing Support Enabled: February 10, 2016 Added the ability for Let’s Encrypt to sign ECDSA keys with Let’s Encrypt’s RSA intermediates. Support for signing ECDSA keys with a full ECDSA cert chain will be added later.
ECDSA testing on staging https://community.letsencrypt.org/t/ecdsa-testing-on-staging/8809/74 If I remember correctly, you can use ECDSA keys using the --csr flag, but not in any mode where certbot generates the certificate for you
All suggest it’s already doable, but not in automated fashion.
Is that still the case? That certbot automation does NOT support automated generation/retrieval of ECDSA SignatureAlgorithm certs?
Is there current documentation on howto best generate ECDSA certs?