From 31cc2ba806cbfbbbdc49f9735edab7fcb39ea6db Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Wed, 30 Aug 2023 07:47:24 +0000
Subject: [PATCH] Add support for --elliptic-curve secp256r1 in LE SSL certs with certbot.
---
 server/lib/classes/letsencrypt.inc.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/server/lib/classes/letsencrypt.inc.php b/server/lib/classes/letsencrypt.inc.php
index 6a1d2d02ac..944194c0de 100644
--- a/server/lib/classes/letsencrypt.inc.php
+++ b/server/lib/classes/letsencrypt.inc.php
@@ -168,7 +168,15 @@ class letsencrypt {
 $cert_selection_command = "--expand";
 }
 
- $cmd = $letsencrypt . " certonly -n --text --agree-tos $cert_selection_command --authenticator webroot --server $acme_version --rsa-key-size 4096 --email webmaster@$primary_domain $webroot_args";
+ if (version_compare($letsencrypt_version, '2.0', '>=')) {
+ $app->log("LE version is " . $letsencrypt_version . ", so using --elliptic-curve secp256r1 instead of --rsa-key-size 4096", LOGLEVEL_DEBUG);
+ $acme_key_size = "--elliptic-curve secp256r1";
+ } else {
+ $acme_key_size = "--rsa-key-size 4096";
+ }
+
+ $cmd = $letsencrypt . " certonly -n --text --agree-tos $cert_selection_command --authenticator webroot --server $acme_version $acme_key_size --email webmaster@$primary_domain $webroot_args";
+
 return $cmd;
 }
 
--
GitLab
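Review bot: On the certbot >= 2.0 branch the command carries only `--elliptic-curve secp256r1`, which picks a curve but not a key type, so the key that is issued depends on certbot's effective key type rather than on this code. If that resolves to RSA (for example an existing RSA lineage or a `key-type = rsa` entry in cli.ini, neither of which is visible from this hunk), the curve flag has no effect and, with `--rsa-key-size 4096` no longer passed, the key would presumably fall back to certbot's default RSA size instead of 4096 bits. Stating the intent explicitly, e.g. `$acme_key_size = "--key-type ecdsa --elliptic-curve secp256r1";`, or keeping `--rsa-key-size 4096` next to the curve flag, avoids a silent change in key strength; either variant should be tested against renewals of existing RSA certificates. `$letsencrypt_version` is set outside the hunk, and the enclosing method starts before it, so how the version is detected (and what happens when detection fails) cannot be checked here.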