Open krtab opened 2 years ago
Not sure how common my use case is, but:
I desperately wanted to use a LE wildcard, but my DNS provider does not have an API. I was so glad I found this tool! However, when realizing I had to provide an RSA key and, being a prior certbot user, could only find a weird json key file (/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/<uid>/private_key.json), I was a bit puzzled.
After a bit of googling, I found a thread with several code samples or links, dealing with how to convert that key into RSA. There's Java and Go, and I also found a Python script which I ended up using.
So now that there are three different implementations, I wonder if this could be adapted and added to agnos so it would accept either an RSA key or the JSON format that probably many users are going to already have if they're switching from certbot with non-wildcard certificates.
(btw, thank you so much, this tool is ingenious and awesome!)
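The conversion described in the comment above, as an added example (not code from the linked thread, certbot or agnos): it turns an RSA JWK into a PKCS#1 PEM key using only the Python standard library. It assumes the certbot account file is an RSA JWK carrying the members `n`, `e`, `d`, `p`, `q`, `dp`, `dq` and `qi`; the sample key is a constructed toy key, and all function names are this example's own.

```python
import base64
import json

# RFC 7518 JWK member names, in the order PKCS#1 RSAPrivateKey lists them.
FIELDS = ("n", "e", "d", "p", "q", "dp", "dq", "qi")

def b64url_to_int(value):
    """Decode a base64url big-endian integer (JWK strips the '=' padding)."""
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return int.from_bytes(raw, "big")

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(n):
    """DER INTEGER; the extra bit keeps the leading byte's sign bit clear."""
    body = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(body)) + body

def jwk_to_pkcs1_der(jwk):
    """Build the PKCS#1 RSAPrivateKey structure (version 0, two primes)."""
    if jwk.get("kty") != "RSA":
        raise ValueError("not an RSA JWK")
    missing = [f for f in FIELDS if f not in jwk]
    if missing:
        raise ValueError("JWK lacks private members: " + ", ".join(missing))
    body = der_int(0) + b"".join(der_int(b64url_to_int(jwk[f])) for f in FIELDS)
    return b"\x30" + der_len(len(body)) + body

def jwk_to_pem(jwk):
    b64 = base64.b64encode(jwk_to_pkcs1_der(jwk)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN RSA PRIVATE KEY-----", *lines,
                      "-----END RSA PRIVATE KEY-----", ""])

# Constructed toy key (p=61, q=53), far too small for real use.
def int_to_b64url(n):
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

TOY = dict(zip(FIELDS, (3233, 17, 2753, 61, 53, 53, 49, 38)))
SAMPLE_JWK = json.dumps({"kty": "RSA", **{k: int_to_b64url(v) for k, v in TOY.items()}})

if __name__ == "__main__":
    print(jwk_to_pem(json.loads(SAMPLE_JWK)), end="")
```

The output is an unencrypted private key, so write it to a file readable only by the account that runs the ACME client.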
Hi!
Thanks a lot for your very kind words, feedback is immensely precious! I'm opening a new issue regarding your demand, as this one centers more on the cryptography algorithm than the file format. I'll try to have a look at it when I have time.
I have started messing around with adding P-256 support to acme2.
Sadly, it seems that the JWK/JWS/JWT ecosystem is not perfectly mature in Rust, so acme2 implements these with its own bespoke code and OpenSSL's crypto primitives. So the process isn't as easy as it could be in e.g. Go where there's stuff like stdlib crypto and go-jose.
I've submitted a PR adding P-256 account key support to acme2: https://github.com/lucacasonato/acme2/pull/23
Great news!
This limitation currently stems from acme2. Cf: https://github.com/lucacasonato/acme2/issues/22