diff --git a/backend/internal/certificate.js b/backend/internal/certificate.js index 0828878bc7..bde1bdca49 100644 --- a/backend/internal/certificate.js +++ b/backend/internal/certificate.js @@ -798,6 +798,11 @@ const internalCertificate = { certificate.domain_names.join(","), ]; + // Add key-type parameter if specified + if (certificate.meta?.key_type) { + args.push("--key-type", certificate.meta.key_type); + } + const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id); args.push(...adds.args); @@ -858,6 +863,11 @@ const internalCertificate = { ); } + // Add key-type parameter if specified + if (certificate.meta?.key_type) { + args.push("--key-type", certificate.meta.key_type); + } + const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider); args.push(...adds.args); @@ -938,6 +948,11 @@ const internalCertificate = { "--disable-hook-validation", ]; + // Add key-type parameter if specified + if (certificate.meta?.key_type) { + args.push("--key-type", certificate.meta.key_type); + } + const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider); args.push(...adds.args); @@ -979,6 +994,11 @@ const internalCertificate = { "--no-random-sleep-on-renew", ]; + // Add key-type parameter if specified + if (certificate.meta?.key_type) { + args.push("--key-type", certificate.meta.key_type); + } + const adds = internalCertificate.getAdditionalCertbotArgs(certificate.id, certificate.meta.dns_provider); args.push(...adds.args); diff --git a/backend/schema/components/certificate-object.json b/backend/schema/components/certificate-object.json index ef2d613fa6..80cd92befe 100644 --- a/backend/schema/components/certificate-object.json +++ b/backend/schema/components/certificate-object.json @@ -71,6 +71,11 @@ "propagation_seconds": { "type": "integer", "minimum": 0 + }, + "key_type": { + "type": "string", + "enum": ["rsa", "ecdsa"], + "default": "rsa" } }, "example": { diff --git a/frontend/src/locale/src/bg.json b/frontend/src/locale/src/bg.json index 81cab5982b..5183fe315b 100644 --- a/frontend/src/locale/src/bg.json +++ b/frontend/src/locale/src/bg.json @@ -170,6 +170,18 @@ "certificates.http.warning": { "defaultMessage": "Тези домейни трябва вече да сочат към тази инсталация." }, + "certificates.key-type": { + "defaultMessage": "Тип ключ" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA е широко съвместим, ECDSA е по-бърз и по-сигурен, но може да не се поддържа от по-стари системи" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "с Let's Encrypt" }, diff --git a/frontend/src/locale/src/de.json b/frontend/src/locale/src/de.json index d36b259d46..ae97a29bff 100644 --- a/frontend/src/locale/src/de.json +++ b/frontend/src/locale/src/de.json @@ -155,6 +155,18 @@ "certificates.http.warning": { "defaultMessage": "Diese Domänen müssen bereits so konfiguriert sein, dass sie auf diese Installation verweisen." }, + "certificates.key-type": { + "defaultMessage": "Schlüsseltyp" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA ist weit verbreitet, ECDSA ist schneller und sicherer, wird aber möglicherweise von älteren Systemen nicht unterstützt" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "Über Let's Encrypt" }, diff --git a/frontend/src/locale/src/en.json b/frontend/src/locale/src/en.json index 355d0db77b..efc7335fc5 100644 --- a/frontend/src/locale/src/en.json +++ b/frontend/src/locale/src/en.json @@ -170,6 +170,18 @@ "certificates.http.warning": { "defaultMessage": "These domains must be already configured to point to this installation." }, + "certificates.key-type": { + "defaultMessage": "Key Type" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA is widely compatible, ECDSA is faster and more secure but may not be supported by older systems" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "with Let's Encrypt" }, diff --git a/frontend/src/locale/src/es.json b/frontend/src/locale/src/es.json index 2b1ebfa4e8..c8b1edb075 100644 --- a/frontend/src/locale/src/es.json +++ b/frontend/src/locale/src/es.json @@ -170,6 +170,18 @@ "certificates.http.warning": { "defaultMessage": "Estos dominios ya deben estar configurados para apuntar a esta instalación." }, + "certificates.key-type": { + "defaultMessage": "Tipo de Clave" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA es ampliamente compatible, ECDSA es más rápido y seguro pero puede no ser compatible con sistemas antiguos" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "con Let's Encrypt" }, diff --git a/frontend/src/locale/src/it.json b/frontend/src/locale/src/it.json index 3301218f9e..3bbc731650 100644 --- a/frontend/src/locale/src/it.json +++ b/frontend/src/locale/src/it.json @@ -155,6 +155,18 @@ "certificates.http.warning": { "defaultMessage": "Questi domini devono già essere configurati per puntare a questa installazione." }, + "certificates.key-type": { + "defaultMessage": "Tipo di Chiave" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA è ampiamente compatibile, ECDSA è più veloce e sicuro ma potrebbe non essere supportato da sistemi più vecchi" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "con Let's Encrypt" }, diff --git a/frontend/src/locale/src/ja.json b/frontend/src/locale/src/ja.json index 1ace1c642d..2ffadd0cf8 100644 --- a/frontend/src/locale/src/ja.json +++ b/frontend/src/locale/src/ja.json @@ -155,6 +155,18 @@ "certificates.http.warning": { "defaultMessage": "これらのドメインは、すでにこのインストール先を指すように設定されている必要がありますあ." }, + "certificates.key-type": { + "defaultMessage": "鍵タイプ" + }, + "certificates.key-type-description": { + "defaultMessage": "RSAは広く互換性があり、ECDSAはより高速で安全ですが、古いシステムではサポートされていない場合があります" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "Let's Encryptを使用する" }, diff --git a/frontend/src/locale/src/ko.json b/frontend/src/locale/src/ko.json index f9d82d85b5..9c0093591b 100644 --- a/frontend/src/locale/src/ko.json +++ b/frontend/src/locale/src/ko.json @@ -170,6 +170,18 @@ "certificates.http.warning": { "defaultMessage": "도메인이 이 서버를 가리키도록 설정되어 있어야 합니다." }, + "certificates.key-type": { + "defaultMessage": "키 유형" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA는 호환성이 넓고, ECDSA는 더 빠르고 안전하지만 오래된 시스템에서 지원되지 않을 수 있습니다" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "Let's Encrypt 사용" }, @@ -218,7 +230,7 @@ "column.provider": { "defaultMessage": "공급자" }, - "column.roles": { + "column.roles": { "defaultMessage": "권한" }, "column.rules": { diff --git a/frontend/src/locale/src/nl.json b/frontend/src/locale/src/nl.json index 2732f5e4df..91e71df7c5 100644 --- a/frontend/src/locale/src/nl.json +++ b/frontend/src/locale/src/nl.json @@ -155,6 +155,18 @@ "certificates.http.warning": { "defaultMessage": "Deze domeinen moeten al worden geconfigureerd om naar deze installatie te wijzen." }, + "certificates.key-type": { + "defaultMessage": "Sleuteltype" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA is breed compatibel, ECDSA is sneller en veiliger maar wordt mogelijk niet ondersteund door oudere systemen" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "met Let's Encrypt" }, diff --git a/frontend/src/locale/src/pl.json b/frontend/src/locale/src/pl.json index 9853c7bc49..faaebc5e6b 100644 --- a/frontend/src/locale/src/pl.json +++ b/frontend/src/locale/src/pl.json @@ -155,6 +155,18 @@ "certificates.http.warning": { "defaultMessage": "Te domeny muszą być już skonfigurowane tak, aby wskazywały na ten serwer www" }, + "certificates.key-type": { + "defaultMessage": "Typ klucza" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA jest szeroko kompatybilny, ECDSA jest szybszy i bezpieczniejszy, ale może nie być obsługiwany przez starsze systemy" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "z Let's Encrypt" }, diff --git a/frontend/src/locale/src/ru.json b/frontend/src/locale/src/ru.json index dedcd51397..44dff1294c 100644 --- a/frontend/src/locale/src/ru.json +++ b/frontend/src/locale/src/ru.json @@ -155,6 +155,18 @@ "certificates.http.warning": { "defaultMessage": "Эти домены должны быть настроены и указывать на этот экземпляр." }, + "certificates.key-type": { + "defaultMessage": "Тип ключа" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA широко совместим, ECDSA быстрее и безопаснее, но может не поддерживаться старыми системами" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "через Let's Encrypt" }, diff --git a/frontend/src/locale/src/sk.json b/frontend/src/locale/src/sk.json index d006e5556c..6431643fc0 100644 --- a/frontend/src/locale/src/sk.json +++ b/frontend/src/locale/src/sk.json @@ -155,6 +155,18 @@ "certificates.http.warning": { "defaultMessage": "Tieto domény musia byť už nakonfigurované tak, aby smerovali na túto inštaláciu." }, + "certificates.key-type": { + "defaultMessage": "Typ kľúča" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA je široko kompatibilný, ECDSA je rýchlejší a bezpečnejší, ale nemusí byť podporovaný staršími systémami" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "pomocou Let's Encrypt" }, diff --git a/frontend/src/locale/src/vi.json b/frontend/src/locale/src/vi.json index fc1ed85b2b..32d26d5590 100644 --- a/frontend/src/locale/src/vi.json +++ b/frontend/src/locale/src/vi.json @@ -155,6 +155,18 @@ "certificates.http.warning": { "defaultMessage": "Các miền này phải được cấu hình sẵn để trỏ đến cài đặt này." }, + "certificates.key-type": { + "defaultMessage": "Loại khóa" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA tương thích rộng rãi, ECDSA nhanh hơn và an toàn hơn nhưng có thể không được hỗ trợ bởi các hệ thống cũ" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "bằng Let's Encrypt" }, diff --git a/frontend/src/locale/src/zh.json b/frontend/src/locale/src/zh.json index 541093a660..d40ea39d6d 100755 --- a/frontend/src/locale/src/zh.json +++ b/frontend/src/locale/src/zh.json @@ -155,6 +155,18 @@ "certificates.http.warning": { "defaultMessage": "这些域名必须配置为指向本设备。" }, + "certificates.key-type": { + "defaultMessage": "密钥类型" + }, + "certificates.key-type-description": { + "defaultMessage": "RSA 兼容性更好,ECDSA 更快更安全但旧系统可能不支持" + }, + "certificates.key-type-ecdsa": { + "defaultMessage": "ECDSA 256" + }, + "certificates.key-type-rsa": { + "defaultMessage": "RSA 2048" + }, "certificates.request.subtitle": { "defaultMessage": "使用 Let's Encrypt" }, diff --git a/frontend/src/modals/DNSCertificateModal.tsx b/frontend/src/modals/DNSCertificateModal.tsx index 3c97fddd42..f062e24dea 100644 --- a/frontend/src/modals/DNSCertificateModal.tsx +++ b/frontend/src/modals/DNSCertificateModal.tsx @@ -1,6 +1,6 @@ import { useQueryClient } from "@tanstack/react-query"; import EasyModal, { type InnerModalProps } from "ez-modal-react"; -import { Form, Formik } from "formik"; +import { Form, Formik, Field } from "formik"; import { type ReactNode, useState } from "react"; import { Alert } from "react-bootstrap"; import Modal from "react-bootstrap/Modal"; @@ -44,6 +44,7 @@ const DNSCertificateModal = EasyModal.create(({ visible, remove }: InnerModalPro provider: "letsencrypt", meta: { dnsChallenge: true, + keyType: "ecdsa", }, } as any } @@ -63,6 +64,30 @@ const DNSCertificateModal = EasyModal.create(({ visible, remove }: InnerModalPro
+ + {({ field }: any) => ( +
+ + + + + +
+ )} +
diff --git a/frontend/src/modals/HTTPCertificateModal.tsx b/frontend/src/modals/HTTPCertificateModal.tsx index b996a7d6a3..a06df2c62d 100644 --- a/frontend/src/modals/HTTPCertificateModal.tsx +++ b/frontend/src/modals/HTTPCertificateModal.tsx @@ -1,7 +1,7 @@ import { IconAlertTriangle } from "@tabler/icons-react"; import { useQueryClient } from "@tanstack/react-query"; import EasyModal, { type InnerModalProps } from "ez-modal-react"; -import { Form, Formik } from "formik"; +import { Form, Formik, Field } from "formik"; import { type ReactNode, useState } from "react"; import { Alert } from "react-bootstrap"; import Modal from "react-bootstrap/Modal"; @@ -115,6 +115,9 @@ const HTTPCertificateModal = EasyModal.create(({ visible, remove }: InnerModalPr { domainNames: [], provider: "letsencrypt", + meta: { + keyType: "ecdsa", + }, } as any } onSubmit={onSubmit} @@ -142,6 +145,30 @@ const HTTPCertificateModal = EasyModal.create(({ visible, remove }: InnerModalPr setTestResults(null); }} /> + + {({ field }: any) => ( +
+ + + + + +
+ )} + {testResults ? (