(Dec 29) New version 0.9.8-18 has been released

[Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)

Section with modification and patches for Vesta
Forum rules
Before creating a new topic or reply on the forum you should fill out additional fields "Os" and "Web" in your profile section.
In case of violation, the topic can be closed or response from the support will not be received.
Somebodysh
Posts: 2
Joined: Mon Jun 05, 2017 11:35 pm

[Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)

Postby Somebodysh » Wed Jul 12, 2017 10:23 pm

Hello everyone! As some of you could already know, Let's Encrypt now supports ECC-keys based certificates, and the support coverage of ECC-256 is almost the same as RSA-4096, excluding very-very old clients. Also, there is a way to serve both RSA and ECC certificates for nginx depending on client's abilities.
But Let's Encrypt in current VestaCP version can only generate and manage RSA-based keys, is there any mod to add/replace ECC keys?
I even found acme.sh - bash-based implementation of Certbot with ECC support, can any Linux-guru make a tutorial of replacing default LE plugin with this one? Pls :3

jodumont
Posts: 9
Joined: Fri Jan 05, 2018 3:03 pm
Contact:

Os: Debian 9x
Web: nginx + php-fpm

Re: [Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)

Postby jodumont » Mon Jan 08, 2018 4:12 pm

Hi;

I don't think vestaCP use acme.sh they seams passing queries via the API

Code: Select all

api='https://acme-v01.api.letsencrypt.org'


what you are looking for is in https://github.com/serghey-rodin/vesta/ ... ncrypt-csr or /usr/local/vesta/bin/v-sign-letsencrypt-csr on your server

Code: Select all

# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'


the api seams not supporting, yet the ECC

but I might be wrong

jodumont
Posts: 9
Joined: Fri Jan 05, 2018 3:03 pm
Contact:

Os: Debian 9x
Web: nginx + php-fpm

Re: [Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)

Postby jodumont » Wed Jan 10, 2018 2:35 pm

if I may add more info
have been chosen to try to increase compatibility

http://letsencrypt.readthedocs.io/en/la ... l#feedback


Return to “Modification & Patches”



Who is online

Users browsing this forum: No registered users and 1 guest