letsencrypt-plesk

Create ECC (ECDSA) certificates

Open HansVanEijsden opened this issue 8 years ago • 0 comments

As you probably know, Let's Encrypt supports ECDSA certificates. Unfortunately I haven't discovered a way to do it from within Plesk.

This is how I do it with acme-tiny: http://pastebin.com/Bp6iDgzr (and also with a fixed private key, to make HPKP possible).

But... while googling I also discovered a way to do it with the official Let's Encrypt client (the one you're using?):

openssl ecparam -genkey -name secp384r1 > privkey-p384.pem

openssl req -new -sha256 -key privkey-p384.pem -subj "/CN=example.com" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:example.com")) -outform der -out csr-p384.der

letsencrypt certonly --text -vv --agree-tos --test-cert --email ${email} --csr /etc/letsencrypt/custom/csr-p384.der --webroot --webroot-map '{"example.com": "/var/www/vhosts/example.com/htdocs"}'

As you probably know, ECDSA (ECC) certs are way faster and more secure while having a way smaller key size. It would be great to support them. Thanks!

HansVanEijsden, Jun 22 '16 17:06
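
The key and CSR steps from the post above, as an added example that is not part of the original issue or of the letsencrypt-plesk project: it writes its own minimal request config instead of reading /etc/ssl/openssl.cnf, then checks the CSR offline (self-signature, P-384 curve, SAN entry) before it would be handed to `--csr`. The function names `make_ecdsa_csr` and `check_ecdsa_csr` and the `req.cnf` file name are hypothetical.

```shell
#!/bin/sh
# Added example: build a P-384 key and a DER CSR, then verify the CSR offline.
# make_ecdsa_csr / check_ecdsa_csr are hypothetical helper names.

make_ecdsa_csr() {  # usage: make_ecdsa_csr <domain> <output-dir>
    domain=$1; dir=$2
    mkdir -p "$dir" || return 1
    # Minimal request config carrying the SAN, so no system openssl.cnf is needed.
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = SAN
prompt = no
[dn]
CN = $domain
[SAN]
subjectAltName = DNS:$domain
EOF
    # Create the private key under a restrictive umask so it is owner-only.
    # -noout leaves the EC PARAMETERS block out of the key file.
    ( umask 077
      openssl ecparam -genkey -name secp384r1 -noout \
          -out "$dir/privkey-p384.pem" ) || return 1
    openssl req -new -sha256 -key "$dir/privkey-p384.pem" \
        -config "$dir/req.cnf" -outform der -out "$dir/csr-p384.der"
}

check_ecdsa_csr() {  # usage: check_ecdsa_csr <csr.der> <domain>; 0 = all checks pass
    text=$(openssl req -inform der -in "$1" -noout -text -verify 2>&1) || return 1
    # 1. The CSR must be signed by the key it contains.
    printf '%s\n' "$text" | grep -q 'verify OK' || return 1
    # 2. The public key must be on the expected named curve.
    printf '%s\n' "$text" | grep -q 'ASN1 OID: secp384r1' || return 1
    # 3. The SAN must list the domain exactly (split "DNS:a, DNS:b" into lines).
    printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
        | grep -qxF "DNS:$2"
}

# Stand-alone use: ./script.sh <domain> <output-dir>
if [ "$#" -eq 2 ]; then
    make_ecdsa_csr "$1" "$2" && check_ecdsa_csr "$2/csr-p384.der" "$1" \
        && echo "CSR OK: $2/csr-p384.der"
fi
```

The exact-match SAN check matters because a substring match on `DNS:example.com` would also accept a CSR issued for `example.com.attacker.test`.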