Is your feature request related to a problem? Please describe.
Let's Encrypt supports RSA keys between 2048 and 4096, and ECDSA P-256 and P-384.
Describe the solution you'd like
In the Certificates menu tab, when requesting a certificate from there, allow the following key sizes:
- RSA 2048
- RSA 3072
- RSA 4096
- ECDSA 256
- ECDSA 384
Could also be beneficial to have a settable "default key size" and mirror the same dropdown.
Default RSA Key Size: (2048, 3072, 4096)
Default ECDSA Key Size: (256, 384)
The certbot arguments are as follows:
--key-type ecdsa --elliptic-curve secp256r1
--key-type ecdsa --elliptic-curve secp384r1
--key-type rsa --rsa-key-size 2048
--key-type rsa --rsa-key-size 3072
--key-type rsa --rsa-key-size 4096
Another consideration: to support the maximum number of ciphers possible, modern versions of Nginx support multiple ssl_certificate and ssl_certificate_key directives. When configuring a standard nginx instance, the following would prioritize ECDSA, but allow RSA fallback, and show both available for negotiation through a service like ssllabs or the testssl.sh project:
ssl_certificate /path/to/ecdsa.crt;
ssl_certificate_key /path/to/ecdsa.key;
ssl_certificate /path/to/rsa.crt;
ssl_certificate_key /path/to/rsa.key;
The request for the above is to allow either issuing 2 certificates at proxy creation time, or creating the certificates through the certificate tab, and be able to link both of them to any given proxy host. A quick check of the public key could then inform the order of the ssl_certificate/ssl_certificate_key statements in the proxy host configurations.
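The "quick check of the public key" described above, as an added sketch that is not part of the original request or the project's code: it uses the openssl CLI to classify each certificate as ECDSA or RSA, confirms the private key belongs to it, and prints the directive pairs with ECDSA first. Function names, file names and the example.test subject are assumptions; the sample certificates are constructed, self-signed throwaways.

```shell
#!/bin/sh
# Added example: order ssl_certificate pairs by public-key type (ECDSA first, RSA second).
# Function names, file names and the CN are assumptions made for this sketch.

# key_algo CERT -> prints "ecdsa" or "rsa"; fails for any other key type.
key_algo() {
  case "$(openssl x509 -in "$1" -noout -text 2>/dev/null | grep 'Public Key Algorithm')" in
    *id-ecPublicKey*) echo ecdsa ;;
    *rsaEncryption*)  echo rsa ;;
    *) return 1 ;;
  esac
}

# pair_matches CERT KEY -> succeeds only if KEY is the private key for CERT.
pair_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# emit_directives CERT:KEY ... -> nginx directives, ECDSA pairs before RSA pairs.
# Paths must not contain ':'.
emit_directives() {
  for pair in "$@"; do  # validate every pair before printing anything
    key_algo "${pair%%:*}" >/dev/null || { echo "unsupported key: $pair" >&2; return 1; }
    pair_matches "${pair%%:*}" "${pair#*:}" || { echo "key mismatch: $pair" >&2; return 1; }
  done
  for want in ecdsa rsa; do
    for pair in "$@"; do
      [ "$(key_algo "${pair%%:*}")" = "$want" ] || continue
      printf 'ssl_certificate %s;\nssl_certificate_key %s;\n' "${pair%%:*}" "${pair#*:}"
    done
  done
}

# make_sample DIR -> constructed, self-signed throwaway pairs for the demo.
# prime256v1 is OpenSSL's name for the curve certbot calls secp256r1.
make_sample() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/ecdsa.key" 2>/dev/null &&
  openssl req -x509 -new -key "$1/ecdsa.key" -subj /CN=example.test -days 1 \
    -out "$1/ecdsa.crt" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/rsa.key" \
    -subj /CN=example.test -days 1 -out "$1/rsa.crt" 2>/dev/null
}

# Demo: the RSA pair is passed first on purpose; the output still lists ECDSA first.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" &&
  emit_directives "$demo_dir/rsa.crt:$demo_dir/rsa.key" "$demo_dir/ecdsa.crt:$demo_dir/ecdsa.key"
rm -rf "$demo_dir"
```

Rejecting a mismatched certificate/key pair before writing the configuration matters because nginx refuses to load a key that does not match its certificate.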