Improve acme.sh settings
the integration of acme.sh is very nice. and the auto detection work very nice on one of my servers.
we are using acme.sh on other systems for a while now and i want to suggest a few things, some could/should also work with certbot.
- add optional support for
--preferred-chain
that would allow usage of the DST Root after the transitioning to ISRG's Root (docs https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain) (certbot 1.6.0+) - add support for setting keylength via UI, so the user could also select ec-256 etc. (see https://github.com/acmesh-official/acme.sh/blob/ddc91ce7c35679c95209137cfc37a1835f369abc/acme.sh#L6467). When the domain key is an ec-*-key the parameter --ecc is needed
I would add both options as a global option under "system" > "server config" > "web" > "ssl settings"
if you are interested in adding these settings, I will try to make a patch for that.
Edited by Pascal Herbert