undefined | Better HN

0 pointsAyesh3y ago0 comments

LetsEncrypt now has an ECC root and intermediates. You have to request the account ID to be included, and after which, the intermediate and root certificates will be ECC. More information here: https://community.letsencrypt.org/t/ecdsa-availability-in-pr...

0 comments

netheril963y ago

The alternative you suggest has a longer chain of certificates, and more difficult setup. Using ZeroSSL is way easier with less bytes on the TLS handshake.

AyeshOP3y ago

Do you have a test host with the Zerossl chain that you speak of? Use https://aye.sh if you want to try a host using the ECC chain from LE.

netheril963y ago

So the article is outdated I guess. The length of the chain is the same now.

I'll consider switching back to Let's Encrypt once this setup doesn't require a whitelist.

j / k navigate · click thread line to collapse

0 pointsAyesh3y ago0 comments

0 comments

netheril963y ago

The alternative you suggest has a longer chain of certificates, and more difficult setup. Using ZeroSSL is way easier with less bytes on the TLS handshake.

AyeshOP3y ago

Do you have a test host with the Zerossl chain that you speak of? Use https://aye.sh if you want to try a host using the ECC chain from LE.

netheril963y ago

So the article is outdated I guess. The length of the chain is the same now.

I'll consider switching back to Let's Encrypt once this setup doesn't require a whitelist.

j / k navigate · click thread line to collapse