README.md clarify keylength arg and ECC default

Reorder and reword small portions of the keylength documentation and
make the ECC cert default explicitly stated in part 2 to avoid
confusion.

Fixes #6590
Joe Bauser 2 weeks ago
commit 0d1f9edf3f
1 changed files with 17 additions and 18 deletions

+ 17 - 18
README.md

@@ -208,6 +208,8 @@ The certs will be placed in `~/.acme.sh/example.com/`
 
 The certs will be renewed automatically every **60** days.
 
+The certs will default to ECC certificates.
+
 More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
 
 
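Review bot: The added sentence "The certs will default to ECC certificates." does not name the curve or say how to pick something else, while the list in section 10 states that ec-256 is the default. Consider naming it here and pointing to that section, for example "The certs will be ECC (ec-256) certificates by default; see section 10 to issue RSA or other key sizes." It would also read better directly after the sentence about where the certs are placed than after the renewal interval, since it describes what is issued rather than when it is renewed.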
@@ -359,36 +361,33 @@ Ok, it's done.
 
 **Please use dns api mode instead.**
 
-# 10. Issue ECC certificates
+# 10. Issue certificates of different key types and lengths (ECC or RSA)
+
+Just set the `keylength` to a valid, supported, value.
+
+Valid values for the `keylength` parameter are:
 
-Just set the `keylength` parameter with a prefix `ec-`.
+1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)**
+2. **ec-384 (secp384r1,  "ECDSA P-384")**
+3. **ec-521 (secp521r1,  "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
+4. **2048   (RSA2048)**
+5. **3072   (RSA3072)**
+6. **4096   (RSA4096)**
 
 For example:
 
-### Single domain ECC certificate
+### Single domain with ECDSA P-384 certificate
 
 ```bash
-acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256
+acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-384
 ```
 
-### SAN multi domain ECC certificate
+### SAN multi domain with RSA4096 certificate
 
 ```bash
-acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256
+acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength 4096
 ```
 
-Please look at the `keylength` parameter above.
-
-Valid values are:
-
-1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)**
-2. **ec-384 (secp384r1,  "ECDSA P-384")**
-3. **ec-521 (secp521r1,  "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
-4. **2048   (RSA2048)**
-5. **3072   (RSA3072)**
-6. **4096   (RSA4096)**
-
-
 # 11. Issue Wildcard certificates
 
 It's simple, just give a wildcard domain as the `-d` parameter.
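Review bot: In the new intro line "Just set the `keylength` to a valid, supported, value." the comma after "supported" is stray, and the sentence calls it "the `keylength`" while the next line says "the `keylength` parameter" and both examples pass it as `--keylength`. Suggest "Just set the `--keylength` parameter to one of the supported values." so the text matches what the reader types. Renaming the section 10 heading also changes its generated anchor, so any existing link to the old "Issue ECC certificates" heading should be checked. Finally, neither example now shows the default ec-256; a short remark that omitting `--keylength` yields ec-256 would tie this section to the default stated in the list.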