[Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)
-
- Posts: 2
- Joined: Mon Jun 05, 2017 11:35 pm
[Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)
Hello everyone! As some of you could already know, Let's Encrypt now supports ECC-keys based certificates, and the support coverage of ECC-256 is almost the same as RSA-4096, excluding very-very old clients. Also, there is a way to serve both RSA and ECC certificates for nginx depending on client's abilities.
But Let's Encrypt in current VestaCP version can only generate and manage RSA-based keys, is there any mod to add/replace ECC keys?
I even found acme.sh - bash-based implementation of Certbot with ECC support, can any Linux-guru make a tutorial of replacing default LE plugin with this one? Pls :3
But Let's Encrypt in current VestaCP version can only generate and manage RSA-based keys, is there any mod to add/replace ECC keys?
I even found acme.sh - bash-based implementation of Certbot with ECC support, can any Linux-guru make a tutorial of replacing default LE plugin with this one? Pls :3
Re: [Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)
Hi;
I don't think vestaCP use acme.sh they seams passing queries via the API
what you are looking for is in https://github.com/serghey-rodin/vesta/ ... ncrypt-csr or /usr/local/vesta/bin/v-sign-letsencrypt-csr on your server
the api seams not supporting, yet the ECC
but I might be wrong
I don't think vestaCP use acme.sh they seams passing queries via the API
Code: Select all
api='https://acme-v01.api.letsencrypt.org'
Code: Select all
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
but I might be wrong
Re: [Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)
if I may add more info
http://letsencrypt.readthedocs.io/en/la ... l#feedbackhave been chosen to try to increase compatibility