Domain config generated from menu #2. How to make this EC 256 bits (SHA256withECDSA)? Thanks!
See https://centminmod.com/acmetool

The choice is between creating only ECC 256bit ECDSA SSL certs = Creating Nginx HTTPS Vhost + ECC 256 bit ECDSA SSL Certificates, or creating both ECC 256bit ECDSA + RSA 2048bit SSL certs, which is the recommended approach as not all web browsers/clients support ECC 256bit ECDSA SSL ciphers.

See the manual way of doing dual ECDSA + RSA certs at https://community.centminmod.com/th...-dual-ecdsa-rsa-ssl-certificate-support.7449/

Or the automated way of doing dual ECDSA + RSA SSL certs, which is enabled by setting the variable in the persistent config file /etc/centminmod/custom_config.inc prior to creating the Nginx vhost via centmin.sh menu option 2 or 22 or nv command line

Code (Text):
DUALCERTS='y'
Every centmin.sh menu option has a saved log at /root/centminlogs, so when you created the nginx vhost via centmin.sh menu option 2, 22 or even nv command line, there should be an addvhost nginx log. You can inspect that for clues in the acme.sh related commands to see what key length was used, either -k ec-256 or -k 2048 for RSA.

Ensure you set KEYLENGTH='ec-256' in the proper persistent config file /etc/centminmod/custom_config.inc BEFORE you ran centmin.sh menu and not after.

This command would sort logs by ascending date order and filter on keywords nginx and vhost, so your newly added nginx vhost log would be close to the bottom of the listing as it's ascending date ordered

Code (Text):
ls -lahrt /root/centminlogs | egrep 'nginx|vhost'
Yes it was there since several months ago. This was used:

Code:
testcert value = lived
/root/.acme.sh/acme.sh --issue -d domain.com -d www.domain.com --days 60 -w /home/nginx/domains/domain.com/public -k ec-256 --useragent centminmod-centos7-acmesh-webroot --log /root/centminlogs/acmetool.sh-debug-log-130120-011202.log --log-level 2
Then it should be an ECDSA 256bit SSL cert. Has the domain had letsencrypt SSL certs issued before on any other server? Check the expiry dates to see if it's the same issued cert or if you had issued a letsencrypt SSL cert prior with RSA 2048bit. Also, where are you checking if it's ECDSA or RSA 2048?
Oh I see, that is your signature algorithm, not SSL cipher. Your SSL cert key = EC 256bit = ECC 256bit = ECDSA 256bit. SHA256withRSA is due to Letsencrypt intermediate certs still being RSA 2048 bit based and not ECC 256 ECDSA based. See Signature Algorithm with SHA256ECDSA
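
The difference between a certificate's own key type and the algorithm its issuer signed it with can be reproduced offline with openssl. This is an added example, not part of any post in the thread; the throwaway RSA CA stands in for an RSA-based intermediate, and the function names, temp files and subject names are constructed for illustration.

```shell
# Added example: public key algorithm vs. signature algorithm on a leaf cert.
# Requires the openssl CLI. Every name and file below is constructed.

# Print "<public key algorithm>|<signature algorithm>" for a PEM certificate.
cert_algs() {
  local text key sig
  text=$(openssl x509 -in "$1" -noout -text) || return 1
  # First "Signature Algorithm" line is the one inside the signed cert body.
  key=$(printf '%s\n' "$text" | awk -F': ' '/Public Key Algorithm/ {print $2; exit}')
  sig=$(printf '%s\n' "$text" | awk -F': ' '/Signature Algorithm/ {print $2; exit}')
  printf '%s|%s\n' "$key" "$sig"
}

# Build a throwaway RSA 2048 CA and an EC P-256 leaf signed by it in dir $1.
make_demo_leaf() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj '/CN=Demo RSA Intermediate' \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  # Leaf key is EC P-256, the same key type acme.sh requests with -k ec-256.
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/leaf.key" || return 1
  openssl req -new -key "$d/leaf.key" -subj '/CN=domain.com' \
    -out "$d/leaf.csr" || return 1
  # The signature on the leaf is made with the CA's key, so it is RSA.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -sha256 -days 1 -out "$d/leaf.crt" 2>/dev/null || return 1
}

# Generate the pair in a temp dir, report the leaf's algorithms, clean up.
demo() {
  local d rc
  d=$(mktemp -d) || return 1
  make_demo_leaf "$d" && cert_algs "$d/leaf.crt"
  rc=$?
  rm -rf "$d"
  return $rc
}
```

Calling `cert_algs` on your own issued certificate file shows the same two fields, so an EC key with an RSA signature line confirms the `-k ec-256` setting took effect.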