Thanks to @pahrohfit and @Tomoyuki-GH for previous efforts to implement support for this.

Co-Authored-By: Robert Dailey <rob@wargam.es>
Co-Authored-By: Tomoyuki-GH <55397638+Tomoyuki-GH@users.noreply.github.com>
Implements support for ECDSA keys. Fixes #2163.
Fixes #8365

This PR adds a control when `certbot certonly` or `certbot run` are called for a certificate that already exists and would eventually be replaced. As described in #8365, this control is here to ensure that the user will not modify the key type of their certificate (e.g. ECDSA to RSA) without an explicit approval (set explicitly `--cert-name` and `--key-type`), since RSA is the default if not specified.

* Handle unexpected key type migration.
* Update certbot-ci/certbot_integration_tests/certbot_tests/test_main.py

Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
* Test certbot renew --key-type
* Fix typo
* Changelog tweaks.
* Add ECDSA documentation
* Fix typo
Collaborator
Author
All features are integrated. As said by @bmw in #8366 (comment):
Member
I started a run of the full test suite on this branch at https://dev.azure.com/certbot/certbot/_build/results?buildId=3042&view=results. If it passes, I think we can merge this 🎉
Collaborator
Author
It passes 💯
Collaborator
Author
One reminder: please do not forget to merge it instead of squash.
bmw
approved these changes
Nov 19, 2020
Member
Merged. Thanks to everyone who helped us work on this!
Fixes #8366 #2625

This PR integrates the `ecdsa` branch that includes five reviewed PRs (#8431, #8435, #8447, #8451 and #8464) into `master` to enable the ECDSA certificates feature officially in Certbot.

On top of this work remains only #8366, which is not related to code, but to documentation: once this PR is merged, a Certbot dev team member needs to post on the Let's Encrypt support forum to advertise this new feature, describe the migration path to move from an RSA to an ECDSA key, and warn about the risks of downgrading Certbot in this case. The content of this post can be taken from the "Migrating to certificates based on ECDSA keys" section in `certbot/docs/using.rst`.

This PR should be merged and not squashed to preserve commit authorship.