docs: rewrite ecdsa section of user guide #9465
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alexzorin
commented
Nov 14, 2022
|
|
||
| certbot renew --key-type ecdsa --cert-name example.com --force-renewal | ||
| which will take effect upon the next renewal of each certificate. | ||
|
|
||
| Obtaining ECDSA certificates in addition to RSA certificates |
There was a problem hiding this comment.
I am on the fence about whether this section is worth keeping in 2023. The dual RSA/ECDSA nginx setup is a very esoteric setup and has less and less reason to exist, in my opinion. We have other stuff which is undocumented (like --reuse-key) and deserves the space more. Keen to hear other opinions.
There was a problem hiding this comment.
I think we should get rid of this section as I agree it's way too esoteric to it be worth space in our docs. If you want to create a PR to remove this section, I'd approve it.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
At the time this section was written, it was all about the introduction of support for ECDSA and how users can start taking advantage of that support.
Now that we use ECDSA by default, this piece of documentation probably should serve a new purpose. My idea here is to document the new behavior that we have in 2.0: new key type on new certificates, old certificates will keep their existing key type.
Users may now be going in the reverse direction with their changes ("I got an ECDSA certificate but I need RSA because I have an old load balancer appliance!") so I have also updated some section titles to be less about ECDSA and more about Key Types in general.
Fixes #9442.