Skip to content

Commit 0d1f9ed

Browse files
coderjoecoderjoe
committed
README.md clarify keylength arg and ECC default
Reorder and reword small portions of the keylength documentation and make the ECC cert default explicitly stated in part 2 to avoid confusion. Fixes #6590
1 parent a6ff1d6 commit 0d1f9ed

File tree

1 file changed

+17
-18
lines changed

1 file changed

+17
-18
lines changed

README.md

Lines changed: 17 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -208,6 +208,8 @@ The certs will be placed in `~/.acme.sh/example.com/`
208208

209209
The certs will be renewed automatically every **60** days.
210210

211+
The certs will default to ECC certificates.
212+
211213
More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
212214

213215

@@ -359,36 +361,33 @@ Ok, it's done.
359361

360362
**Please use dns api mode instead.**
361363

362-
# 10. Issue ECC certificates
364+
# 10. Issue certificates of different key types and lengths (ECC or RSA)
365+
366+
Just set the `keylength` to a valid, supported, value.
367+
368+
Valid values for the `keylength` parameter are:
363369

364-
Just set the `keylength` parameter with a prefix `ec-`.
370+
1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)**
371+
2. **ec-384 (secp384r1, "ECDSA P-384")**
372+
3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
373+
4. **2048 (RSA2048)**
374+
5. **3072 (RSA3072)**
375+
6. **4096 (RSA4096)**
365376

366377
For example:
367378

368-
### Single domain ECC certificate
379+
### Single domain with ECDSA P-384 certificate
369380

370381
```bash
371-
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
382+
acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-384
372383
```
373384

374-
### SAN multi domain ECC certificate
385+
### SAN multi domain with RSA4096 certificate
375386

376387
```bash
377-
acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256
388+
acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength 4096
378389
```
379390

380-
Please look at the `keylength` parameter above.
381-
382-
Valid values are:
383-
384-
1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)**
385-
2. **ec-384 (secp384r1, "ECDSA P-384")**
386-
3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
387-
4. **2048 (RSA2048)**
388-
5. **3072 (RSA3072)**
389-
6. **4096 (RSA4096)**
390-
391-
392391
# 11. Issue Wildcard certificates
393392

394393
It's simple, just give a wildcard domain as the `-d` parameter.

0 commit comments

Comments
 (0)