[Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)

Posted: Wed Jul 12, 2017 10:23 pm
by Somebodysh
Hello everyone! As some of you may already know, Let's Encrypt now supports ECC-key-based certificates, and the support coverage of ECC-256 is almost the same as RSA-4096, excluding very-very old clients. Also, there is a way to serve both RSA and ECC certificates with nginx depending on the client's abilities.
But Let's Encrypt in the current VestaCP version can only generate and manage RSA-based keys. Is there any mod to add/replace ECC keys?
I even found acme.sh, a bash-based implementation of Certbot with ECC support. Can any Linux guru make a tutorial on replacing the default LE plugin with this one? Pls :3

Re: [Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)

Posted: Mon Jan 08, 2018 4:12 pm
by jodumont
Hi;

I don't think VestaCP uses acme.sh; they seem to be passing queries via the API

Code:

api='https://acme-v01.api.letsencrypt.org'

what you are looking for is in https://github.com/serghey-rodin/vesta/ ... ncrypt-csr or /usr/local/vesta/bin/v-sign-letsencrypt-csr on your server

Code:

# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'

the API doesn't seem to support ECC yet

but I might be wrong
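
Added example (not part of the post above and not VestaCP code): the header quoted from v-sign-letsencrypt-csr describes an RSA key signed with RS256. This Python code builds that same header next to the ES256 form that RFC 7518 defines for a P-256 key, including the different integer encodings the two key types require. The function names and key numbers are constructed for illustration and are not real key material.

```python
import base64
import json


def b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as JOSE requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def rsa_jws_header(n: int, e: int) -> dict:
    """RS256 header in the same shape as the script's.

    RSA "n" and "e" are big-endian integers with no leading zero octets.
    """
    def uint(v: int) -> str:
        return b64url(v.to_bytes((v.bit_length() + 7) // 8 or 1, "big"))

    return {"alg": "RS256", "jwk": {"e": uint(e), "kty": "RSA", "n": uint(n)}}


def ec_p256_jws_header(x: int, y: int) -> dict:
    """ES256 header for a P-256 public key.

    Unlike RSA, "x" and "y" are fixed-width: always 32 octets for P-256,
    so leading zero octets must be kept.
    """
    if not (0 <= x < 2**256 and 0 <= y < 2**256):
        raise ValueError("coordinate does not fit in 32 octets")
    jwk = {
        "crv": "P-256",
        "kty": "EC",
        "x": b64url(x.to_bytes(32, "big")),
        "y": b64url(y.to_bytes(32, "big")),
    }
    return {"alg": "ES256", "jwk": jwk}


def to_json(header: dict) -> str:
    """Compact JSON with sorted keys, matching the script's e/kty/n order."""
    return json.dumps(header, separators=(",", ":"), sort_keys=True)


if __name__ == "__main__":
    # Constructed numbers, chosen only to show the encoding; not usable keys.
    print(to_json(rsa_jws_header(n=3233, e=65537)))
    print(to_json(ec_p256_jws_header(x=1, y=2)))
```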

Re: [Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)

Posted: Wed Jan 10, 2018 2:35 pm
by jodumont
if I may add more info
have been chosen to try to increase compatibility
http://letsencrypt.readthedocs.io/en/la ... l#feedback