[Question] Replacing default Let's Encrypt plugin or enhancing it? (ECC / ECC+RSA)

[Somebodysh]

Hello everyone! As some of you could already know, Let's Encrypt now supports ECC-keys based certificates, and the support coverage of ECC-256 is almost the same as RSA-4096, excluding very-very old clients. Also, there is a way to serve both RSA and ECC certificates for nginx depending on client's abilities.
But Let's Encrypt in current VestaCP version can only generate and manage RSA-based keys, is there any mod to add/replace ECC keys?
I even found acme.sh - bash-based implementation of Certbot with ECC support, can any Linux-guru make a tutorial of replacing default LE plugin with this one? Pls :3

[jodumont]

Hi;

I don't think vestaCP use acme.sh they seams passing queries via the API

Code: Select all

api='https://acme-v01.api.letsencrypt.org'

what you are looking for is in https://github.com/serghey-rodin/vesta/ ... ncrypt-csr or /usr/local/vesta/bin/v-sign-letsencrypt-csr on your server

Code: Select all

# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'

the api seams not supporting, yet the ECC

but I might be wrong

[jodumont]

if I may add more info

have been chosen to try to increase compatibility

http://letsencrypt.readthedocs.io/en/la ... l#feedback