voxpupuli / puppet-letsencrypt

A Puppet module to install the Letsencrypt client and request certificates.
https://forge.puppet.com/puppet/letsencrypt
Apache License 2.0

Add support for specifying key type #320

Open martijndegouw opened 1 year ago

martijndegouw commented 1 year ago

Pull Request (PR) description

Allow specifying which key type to generate. Certbot changed its default from rsa to elliptic curve, but I kept the default to rsa for backwards compatibility.

smortex commented 1 year ago

Looks like REFERENCE.md is outdated. From your working directory:

$ bundle update
$ bundle exec rake strings:generate:reference
$ git add REFERENCE.md
$ git commit --amend
$ git push --force

This will re-run the test suite.

martijndegouw commented 1 year ago

I just quickly checked, but support for --key-type was only added in version 1.10.0 of certbot. Some of the OSes supported by this module, like Debian 10, come with an older version of certbot, and that will not work anymore with this change.

We internally use newer versions of the certbot package for Debian 10, so I did not notice this initially.

Should this feature take into account the actual version of certbot?

smortex commented 1 year ago

Ah, that's the kind of tricky thing I am not aware of and that can get annoying.

Maybe we can add a new fact that gets the version of certbot, and does its best to respect the user config: use legacy options for old versions, maybe producing a warning if the user tuned something that cannot be tuned with their version of certbot, and use the bleeding edge options if the installed version is compatible?
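The version-gating approach sketched above, as an added Ruby illustration that is not part of this PR or the module: it parses the output of `certbot --version` the way a custom fact would, and only emits `--key-type` when the installed certbot is at least 1.10.0, warning when a non-RSA type was requested on an older release. The `requested` value stands in for the module's new key type parameter (assumed name), and the `ecdsa`/`rsa` strings are certbot's own accepted values.

```ruby
require 'rubygems' # Gem::Version for comparisons
require 'open3'

# --key-type first appeared in certbot 1.10.0 (per the PR discussion).
KEY_TYPE_MIN_VERSION = Gem::Version.new('1.10.0')

# Parse `certbot --version` output such as "certbot 1.10.0" into a Gem::Version.
# Returns nil when the text is not recognised (e.g. certbot missing or broken).
def parse_certbot_version(output)
  m = output.to_s.match(/\bcertbot\s+v?(\d+(?:\.\d+)+)/)
  m && Gem::Version.new(m[1])
end

# What a custom fact would do: run certbot and read its version. Older certbot
# releases print the version on stderr, so both streams are inspected.
def installed_certbot_version
  out, err, status = Open3.capture3('certbot', '--version')
  status.success? ? parse_certbot_version(out + err) : nil
rescue Errno::ENOENT
  nil # certbot not installed (yet)
end

# Build the extra certbot arguments for the requested key type ('rsa' or 'ecdsa')
# given the installed version. Returns {args:, warning:}; warning is nil when
# the user's configuration can be honoured as-is.
def key_type_args(requested, version)
  if version.nil?
    return { args: [], warning: 'certbot version unknown; not passing --key-type' }
  end
  if version >= KEY_TYPE_MIN_VERSION
    return { args: ['--key-type', requested], warning: nil }
  end
  # Legacy certbot: RSA is the only possible key type, so the option is omitted.
  warning = if requested == 'rsa'
              nil
            else
              "certbot #{version} does not support --key-type; " \
              "generating an rsa key instead of #{requested}"
            end
  { args: [], warning: warning }
end

if __FILE__ == $PROGRAM_NAME
  result = key_type_args(ARGV.fetch(0, 'ecdsa'), installed_certbot_version)
  warn result[:warning] if result[:warning]
  puts result[:args].join(' ')
end
```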

kenyon commented 11 months ago

Ubuntu 20.04 still has an old version of certbot, so we can't merge this as is. https://packages.ubuntu.com/focal-updates/certbot