We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
[Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)
-
- Posts: 2
- Joined: Mon Jun 05, 2017 11:35 pm
[Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)
Hello everyone! As some of you could already know, Let's Encrypt now supports ECC-keys based certificates, and the support coverage of ECC-256 is almost the same as RSA-4096, excluding very-very old clients. Also, there is a way to serve both RSA and ECC certificates for nginx depending on client's abilities.
But Let's Encrypt in current VestaCP version can only generate and manage RSA-based keys, is there any mod to add/replace ECC keys?
I even found acme.sh - bash-based implementation of Certbot with ECC support, can any Linux-guru make a tutorial of replacing default LE plugin with this one? Pls :3
But Let's Encrypt in current VestaCP version can only generate and manage RSA-based keys, is there any mod to add/replace ECC keys?
I even found acme.sh - bash-based implementation of Certbot with ECC support, can any Linux-guru make a tutorial of replacing default LE plugin with this one? Pls :3
Re: [Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)
Hi;
I don't think vestaCP use acme.sh they seams passing queries via the API
what you are looking for is in https://github.com/serghey-rodin/vesta/ ... ncrypt-csr or /usr/local/vesta/bin/v-sign-letsencrypt-csr on your server
the api seams not supporting, yet the ECC
but I might be wrong
I don't think vestaCP use acme.sh they seams passing queries via the API
Code: Select all
api='https://acme-v01.api.letsencrypt.org'
Code: Select all
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
but I might be wrong
Re: [Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)
if I may add more info
http://letsencrypt.readthedocs.io/en/la ... l#feedbackhave been chosen to try to increase compatibility