
Commit 3e7bb81

Add support for custom certificate key types via environment variables
This change allows users to specify custom key types and elliptic curves for SSL certificates through CERT_KEY_TYPE and CERT_ELLIPTIC_CURVE environment variables. This enables support for ECDSA P-256 certificates and other key types. When these environment variables are empty or not set, the current default behavior is preserved, ensuring backward compatibility. The environment variables are passed as arguments to certbot when generating or renewing certificates for both HTTP and DNS challenges.
1 parent 487fa6d commit 3e7bb81


2 files changed

+23
-1
lines changed


backend/internal/certificate.js

Lines changed: 20 additions & 0 deletions
@@ -857,6 +857,16 @@ const internalCertificate = {
857857
certificate.domain_names.join(','),
858858
];
859859

860+
// Add key type options if specified via environment variables
861+
if (process.env.CERT_KEY_TYPE) {
862+
args.push('--key-type', process.env.CERT_KEY_TYPE);
863+
logger.info(`Using key type: ${process.env.CERT_KEY_TYPE}`);
864+
}
865+
if (process.env.CERT_ELLIPTIC_CURVE) {
866+
args.push('--elliptic-curve', process.env.CERT_ELLIPTIC_CURVE);
867+
logger.info(`Using elliptic curve: ${process.env.CERT_ELLIPTIC_CURVE}`);
868+
}
869+
860870
const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id);
861871
args.push(...adds.args);
862872
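
Review bot: The values of CERT_KEY_TYPE and CERT_ELLIPTIC_CURVE are pushed into the certbot argument list at new lines 861-868 with no validation, so a typo or a whitespace-only value (which is truthy and passes the `if`) only surfaces when certbot rejects it during issuance. Check each value against an allowlist before pushing (certbot accepts `rsa` and `ecdsa` for `--key-type`, and `secp256r1`, `secp384r1` and `secp521r1` for `--elliptic-curve`) and fail with a clear error message otherwise. `--elliptic-curve` is also added when CERT_KEY_TYPE is `rsa`, where a curve does not apply; gate it on the key type or log a warning. Because the raw environment value is interpolated into `logger.info`, validating first also keeps unexpected characters out of the log.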

@@ -907,6 +917,16 @@ const internalCertificate = {
907917
dnsPlugin.full_plugin_name,
908918
];
909919

920+
// Add key type options if specified via environment variables
921+
if (process.env.CERT_KEY_TYPE) {
922+
args.push('--key-type', process.env.CERT_KEY_TYPE);
923+
logger.info(`Using key type: ${process.env.CERT_KEY_TYPE}`);
924+
}
925+
if (process.env.CERT_ELLIPTIC_CURVE) {
926+
args.push('--elliptic-curve', process.env.CERT_ELLIPTIC_CURVE);
927+
logger.info(`Using elliptic curve: ${process.env.CERT_ELLIPTIC_CURVE}`);
928+
}
929+
910930
if (hasConfigArg) {
911931
args.push(`--${dnsPlugin.full_plugin_name}-credentials`, credentialsLocation);
912932
}
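
Review bot: The block at new lines 920-929 is a verbatim copy of the one added in the first hunk; move it into a single helper on `internalCertificate` that returns the extra arguments, so that any validation and the logging live in one place and the two challenge paths cannot drift apart. The commit message says the options apply when generating or renewing certificates, but only two argument lists are touched in this file, so confirm that the renewal functions either share these lists or receive the same call.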

docker/Dockerfile

Lines changed: 3 additions & 1 deletion
@@ -23,7 +23,9 @@ ENV SUPPRESS_NO_CONFIG_WARNING=1 \
2323
NPM_BUILD_VERSION="${BUILD_VERSION}" \
2424
NPM_BUILD_COMMIT="${BUILD_COMMIT}" \
2525
NPM_BUILD_DATE="${BUILD_DATE}" \
26-
NODE_OPTIONS="--openssl-legacy-provider"
26+
NODE_OPTIONS="--openssl-legacy-provider" \
27+
CERT_KEY_TYPE="" \
28+
CERT_ELLIPTIC_CURVE=""
2729

2830
RUN echo "fs.file-max = 65535" > /etc/sysctl.conf \
2931
&& apt-get update \
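
Review bot: The empty defaults `CERT_KEY_TYPE=""` and `CERT_ELLIPTIC_CURVE=""` at new lines 27-28 carry no comment on which values are accepted or that an empty value leaves certbot's own default in place; add a comment above the ENV instruction, or an entry in the user documentation, that lists both. The JavaScript side treats unset and empty identically through its truthiness check, so these declarations serve only discoverability, and that is lost without the accompanying documentation.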
