Add support for obtain ECDSA keys (#1667)

* Add support for obtain ECDSA keys * Replace matrix_ssl_lets_encrypt_use_ecdsa_keys for matrix_ssl_lets_encrypt_key_type
2022-03-03 13:15:39 -03:00
parent 35df276487
commit 4ec24ec344
5 changed files with 22 additions and 1 deletions
--- a/roles/matrix-nginx-proxy/tasks/ssl/main.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/main.yml
@ -5,6 +5,11 @@
    msg: "The `matrix_ssl_retrieval_method` variable contains an unsupported value"
  when: "matrix_ssl_retrieval_method not in ['lets-encrypt', 'self-signed', 'manually-managed', 'none']"

+- name: Fail if using unsupported private key type
+  fail:
+    msg: "The `matrix_ssl_lets_encrypt_key_type` variable contains an unsupported value"
+  when: "matrix_ssl_lets_encrypt_key_type not in ['rsa', 'ecdsa']"
+

 # Common tasks, required by almost any method below.

--- a/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
+++ b/roles/matrix-nginx-proxy/tasks/ssl/setup_ssl_lets_encrypt_obtain_for_domain.yml
@ -45,6 +45,7 @@
    --http-01-port 8080
    {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
    {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
+    --key-type {{ matrix_ssl_lets_encrypt_key_type }}
    --standalone
    --preferred-challenges http
    --agree-tos
@ -74,6 +75,7 @@
    --http-01-port 8080
    {% if matrix_ssl_lets_encrypt_server %}--server={{ matrix_ssl_lets_encrypt_server|quote }}{% endif %}
    {% if matrix_ssl_lets_encrypt_staging %}--staging{% endif %}
+    --key-type {{ matrix_ssl_lets_encrypt_key_type }}
    --standalone
    --preferred-challenges http
    --agree-tos