diff --git a/feature-ssl.pl b/feature-ssl.pl
index 19fd8dcb7..073f393db 100755
--- a/feature-ssl.pl
+++ b/feature-ssl.pl
@@ -3196,6 +3196,9 @@ sub request_domain_letsencrypt_cert
 &foreign_require("webmin");
 my $phd = &public_html_dir($d);
 my ($ok, $cert, $key, $chain);
+my $actype = $ctype =~ /^ec/ ? "ecdsa" : "rsa";
+my $dctype = $d->{'letsencrypt_ctype'} =~ /^ec/ ? "ecdsa" : "rsa";
+my $actype_reuse = $actype eq $dctype ? 1 : 0;
 my @errs;
 my @wilds = grep { /^\*\./ } @$dnames;
 &lock_file($ssl_letsencrypt_lock);
@@ -3204,7 +3207,7 @@ sub request_domain_letsencrypt_cert
 # Try using website first
 ($ok, $cert, $key, $chain) = &webmin::request_letsencrypt_cert(
 $dnames, $phd, $d->{'emailto'}, $size, "web", $staging,
- &get_global_from_address(), $ctype =~ /^ec/ ? "ecdsa" : "rsa");
+ &get_global_from_address(), $actype, $actype_reuse);
 push(@errs, &text('letsencrypt_eweb', $cert)) if (!$ok);
 }
 if (!$ok && &get_webmin_version() >= 1.834 && $d->{'dns'} &&
@@ -3212,7 +3215,7 @@ sub request_domain_letsencrypt_cert
 # Fall back to DNS
 ($ok, $cert, $key, $chain) = &webmin::request_letsencrypt_cert(
 $dnames, undef, $d->{'emailto'}, $size, "dns", $staging,
- &get_global_from_address(), $ctype =~ /^ec/ ? "ecdsa" : "rsa");
+ &get_global_from_address(), $actype, $actype_reuse);
 push(@errs, &text('letsencrypt_edns', $cert)) if (!$ok);
 }
 elsif (!$ok) {
diff --git a/generate-letsencrypt-cert.pl b/generate-letsencrypt-cert.pl
index 86193c210..f9d2f3b49 100755
--- a/generate-letsencrypt-cert.pl
+++ b/generate-letsencrypt-cert.pl
@@ -102,6 +102,7 @@ package virtual_server;
 &usage("The Let's Encrypt client on your system does ".
 "not support EC certificates");
 }
+$ctype ||= ($d->{'letsencrypt_ctype'} || "rsa");
 if (!@dnames) {
 # No hostnames specified
 if ($defdnames || !$d->{'letsencrypt_dname'}) {
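Review bot: In the first feature-ssl.pl hunk, `$actype_reuse` is decided from the key type alone, so a request that keeps the type but changes `$size` still sets the flag, and a domain with no stored `letsencrypt_ctype` is treated as `rsa` and therefore also counts as a match. If the new ninth argument makes `request_letsencrypt_cert` keep the existing private key, as the name suggests (the callee is not visible here), a requested key-size upgrade would be silently ignored and the old key would survive the renewal. Consider requiring a stored type and a matching size as well, e.g. `my $actype_reuse = $d->{'letsencrypt_ctype'} && $actype eq $dctype && ($size || '') eq ($d->{'letsencrypt_size'} || '') ? 1 : 0;`, and add a comment such as `# Only reuse the existing key when type and size are unchanged`. The same flag is passed in the web and DNS hunks below it; the enclosing sub starts and ends outside these hunks.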
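Review bot: In the generate-letsencrypt-cert.pl hunk at -102, `$ctype ||= ($d->{'letsencrypt_ctype'} || "rsa");` is applied after the block that ends with the "does not support EC certificates" usage error, so an `ecdsa` value inherited from the domain is never checked against the client's capabilities. The condition of that check is outside the hunk, so this is inferred from the ordering; if it tests `$ctype`, the defaulting line should move above it. A short comment such as `# Default to the domain's last-used key type, else RSA` would also make the fallback order explicit.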
@@ -199,7 +200,7 @@ package virtual_server;
 $d->{'letsencrypt_last'} = time();
 $d->{'letsencrypt_last_success'} = time();
 $d->{'letsencrypt_renew'} = $renew;
- $d->{'letsencrypt_ctype'} = $ctype;
+ $d->{'letsencrypt_ctype'} = $ctype =~ /^ec/ ? "ecdsa" : "rsa";
 $d->{'letsencrypt_size'} = $size;
 &refresh_ssl_cert_expiry($d);
 &save_domain($d);
diff --git a/letsencrypt.cgi b/letsencrypt.cgi
index 093183d85..e361aee20 100755
--- a/letsencrypt.cgi
+++ b/letsencrypt.cgi
@@ -136,7 +136,7 @@ else {
 $d->{'letsencrypt_dname'} = $custom_dname;
 $d->{'letsencrypt_dwild'} = $in{'dwild'};
 $d->{'letsencrypt_renew'} = $in{'renew'};
- $d->{'letsencrypt_ctype'} = $in{'ctype'} ;
+ $d->{'letsencrypt_ctype'} = $in{'ctype'} =~ /^ec/ ? "ecdsa" : "rsa";
 $d->{'letsencrypt_last'} = time();
 $d->{'letsencrypt_last_success'} = time();
 &refresh_ssl_cert_expiry($d);
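Review bot: The stored type is now forced to `rsa` for any value that does not start with `ec`, so an empty, misspelled or unexpected type is silently recorded as RSA instead of being rejected; this applies to the `$ctype` assignment here and to the letsencrypt.cgi hunk, where the value comes straight from the form field `$in{'ctype'}`. Whether the value used for the actual request earlier in each file is normalised the same way is not visible in these hunks, so the saved type could differ from the certificate that was issued. The expression `=~ /^ec/ ? "ecdsa" : "rsa"` is also repeated across three files in this commit; a single helper that validates and normalises the type would keep the request path and the saved setting in agreement. Both enclosing blocks start and end outside the hunks.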