maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

Fix renewal of ECC/ECDSA certificates.

Browse Source 
The ACME v2 implementation uses separate directoies for ECC and on-ECC
certificates. The renew command for a domain checks if an ECC directory
exists (having a "_ecc" suffix) and refuses the command unless the
"--ecc" flag was specified.

Confusingly, this flag is only required to *renew* an ECC certificate,
but not to issue it.

This fixes https://github.com/Froxlor/Froxlor/issues/820.
This commit is contained in:
Christian Schneider
2020-03-29 22:36:26 +02:00
parent aedb829a74
commit 048e6c13ae
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/Froxlor/Cron/Http/LetsEncrypt/AcmeSh.php
View File

@@ -327,6 +327,9 @@ class AcmeSh extends \Froxlor\Cron\FroxlorCron
}
if (Settings::Get('system.leecc') > 0) {
$acmesh_cmd .= " --keylength ec-" . Settings::Get('system.leecc');
if ($cert_mode != 'issue') {
$acmesh_cmd .= " --ecc";
}
} else {
$acmesh_cmd .= " --keylength " . Settings::Get('system.letsencryptkeysize');
}