jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0
2.16k stars 267 forks source link

Supporting ECC Certificates #190

Open frusdelion opened 7 years ago

frusdelion commented 7 years ago

This pull request allows for the generation of both RSA and ECC CSRs, ECC being the new default.

This resolves #144

frusdelion commented 7 years ago

To answer the second case, the certificate will only be renewed when (1) the cert does not cover all domains, (2) it is expired or is going to expire sooner than the minimum validity setting.

Certificates provisioned before changing the key types will not trigger a certificate request.

See https://github.com/harborfront/kube-lego/blob/master/pkg/ingress/tls.go

b commented 7 years ago

Anything going on with this? The functionality is quite useful.

dgregoire commented 7 years ago

@frusdelion still have interest in this?