Saturday 29 February 2020

Updating my SSL cert

I described how to create SSL certs using acme.sh & Let's Encrypt in a previous post.

I've subsequently updated the cert to use ECC crypto and now want to update it so that the root domain is also included in my wildcard cert.

First remove the current cert:
acme.sh --remove --ecc -d '*.durrant.me.uk'

Now issue the new one:
acme.sh --issue --keylength ec-256 -d durrant.me.uk -d '*.durrant.me.uk' --dns dns_cf

And finally install it:
acme.sh --install-cert --ecc -d durrant.me.uk --key-file /etc/pki/tls/private/durrant.me.uk.key --cert-file /etc/pki/tls/certs/durrant.me.uk.cer --reloadcmd "sudo systemctl restart httpd.service"


A few notes.

  • To use ECC, it's as simple as specifying --keylength ec-256 when requesting the cert. Always specify --ecc in issue & install operations to tell acme.sh to use the ECC cert; otherwise it will default to the RSA one if you have that cert too.
  • For the installation to work, make sure the user running acme.sh has sudo privilege to restart the web server and permission to write to the cert & key files. (chown acme does it for me)
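
A post-install check for the steps above, added here as an example and not part of the original post: it confirms the installed cert really is the EC P-256 one, that both the root domain and the wildcard are in its SAN list, and that the key file matches the cert. The function names are this example's own, and the demo cert uses the constructed domain example.test.

```shell
#!/bin/sh
# Added example: post-install checks for a cert issued with --keylength ec-256.
# Function names are this example's own; only the openssl CLI is required.

# Print each DNS name in the certificate's subjectAltName, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed only if the certificate's public key is on P-256 (prime256v1).
cert_is_p256() {
    openssl x509 -in "$1" -noout -text | grep -q 'ASN1 OID: prime256v1'
}

# Succeed only if the private key file belongs to the certificate.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# check_cert CERT DOMAIN [KEY]: require P-256, both DOMAIN and *.DOMAIN in the
# SAN list, and (if KEY is given) a matching private key.
check_cert() {
    cert=$1 domain=$2 key=${3:-} rc=0
    cert_is_p256 "$cert" || { echo "FAIL: not an EC P-256 key" >&2; rc=1; }
    for name in "$domain" "*.$domain"; do
        cert_sans "$cert" | grep -Fxq -- "$name" ||
            { echo "FAIL: SAN list lacks $name" >&2; rc=1; }
    done
    if [ -n "$key" ] && ! key_matches_cert "$cert" "$key"; then
        echo "FAIL: key file does not match cert" >&2; rc=1
    fi
    return "$rc"
}

# Demo input only: throwaway self-signed P-256 cert with a caller-supplied SAN list.
make_demo_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$1/demo.key" -out "$1/demo.cer" -days 1 -subj "/CN=$2" \
        -addext "subjectAltName=$3" 2>/dev/null
}

if [ "$#" -ge 2 ]; then check_cert "$@"; fi
```

Pass it the --cert-file path, the root domain and the --key-file path from the install step; it exits non-zero and names the failed check if, for example, the RSA cert was installed instead or the root domain is missing.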