Support for ECDSA certificates in the native client

[ruslandoga]

Certbot and some other ACME clients have switched to ECDSA by default some time ago. Currently, alg is hardcoded in SiteEncrypt's native client. Thoughts on making it configurable or even better, guessed from the private key provided?

---

Some notable discussions:

• https://community.letsencrypt.org/t/ecdsa-certificates-by-default-and-other-upcoming-changes-in-certbot-2-0
• Consider making ECDSA (p-256) the default certificate type acmesh-official/acme.sh#2350

[sasa1977]

Certbot and some other ACME clients have switched to ECDSA

It would make sense to use the same defaults as the other clients.

Thoughts on making it configurable

Also sounds sensible.

even better, guessed from the private key provided

Which provided key? IIRC we don't accept any key as the input.

Anyway, contributions in this are are welcome :-)

[ruslandoga]

Which provided key? IIRC we don't accept any key as the input.

I was thinking about the account_key here

site_encrypt/lib/site_encrypt/acme/client/api.ex

Line 87 in 735105d

def new_session(directory_url, account_key, http_opts \\ []) do

but yeah, it would need to be configured for SiteEncrypt anyway so we can just get alg from the config instead of guessing it from the key. I'll try to prepare a PR tomorrow this weekend early later next week!