certbot: add a cli.ini file with (commented out) ecdsa certs
Once this becomes useful we should switch the letsencrypt certs we get. Right now it's not, as the intermediate is the letsencrypt R3, which is a rsa 2048 bit, so it doesn't help the FUTURE case. Someday they will switch this to use the X1 cert which will be ECC and it will be useful to switch.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
parent 71c3f3fd4d
commit a38aac4cd3
2 changed files with 12 additions and 0 deletions
2
roles/letsencrypt/files/cli.ini
Normal file
|
@ -0,0 +1,2 @@
|
|||
#key-type = ecdsa
|
||||
#elliptic-curve = secp384r1
|
|
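Review bot: Both lines of the new cli.ini are commented out, and the file itself does not say why. Anyone reading /etc/letsencrypt/cli.ini on a host will not see the commit message, so add a comment line above `#key-type = ecdsa` recording that the settings are waiting on an ECC intermediate and are meant to be uncommented together. It would also help to note there that `elliptic-curve` has no effect unless `key-type` is set to ecdsa.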
@ -1,3 +1,13 @@
|
|||
- name: setup defaults file
|
||||
copy: >
|
||||
dest=/etc/letsencrypt/cli.ini
|
||||
src=cli.ini
|
||||
owner=root
|
||||
group=root
|
||||
mode=0644
|
||||
tags:
|
||||
- letsencrypt
|
||||
|
||||
- name: Generate (or renew) the certificate
|
||||
delegate_to: "certgetter01.iad2.fedoraproject.org"
|
||||
command: certbot certonly --expand --keep -n --webroot --webroot-path /var/www/html/ -d {{','.join([site_name] + server_aliases)}}
|
||||
|
|
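Review bot: The new "setup defaults file" task has no `delegate_to`, while the "Generate (or renew) the certificate" task right after it runs certbot on certgetter01.iad2.fedoraproject.org. As written, cli.ini is copied to /etc/letsencrypt/ on the host the role is applied to, not on the host where certbot actually reads its defaults. Once the options are uncommented they would not influence issued keys unless certgetter01 gets the file some other way. Either add the same `delegate_to` to the copy task or deploy the file from whatever role configures certgetter01. Separately, the certbot command keeps `--keep`, so it is worth stating in the task or the commit message how existing certificates are expected to pick up a new key type when the switch happens.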