diff --git a/docs/content/https/acme.md b/docs/content/https/acme.md
index db5dcc2ef..266663b8e 100644
--- a/docs/content/https/acme.md
+++ b/docs/content/https/acme.md
@@ -516,6 +516,34 @@ certificatesResolvers:
 # ...
 ```
 
+### `keyType`
+
+_Optional, Default="RSA4096"_
+
+KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
+
+```toml tab="File (TOML)"
+[certificatesResolvers.myresolver.acme]
+ # ...
+ keyType = "RSA4096"
+ # ...
+```
+
+```yaml tab="File (YAML)"
+certificatesResolvers:
+ myresolver:
+ acme:
+ # ...
+ keyType: 'RSA4096'
+ # ...
+```
+
+```bash tab="CLI"
+# ...
+--certificatesresolvers.myresolver.acme.keyType="RSA4096"
+# ...
+```
+
 ## Fallback
 
 If Let's Encrypt is not reachable, the following certificates will apply:
diff --git a/pkg/provider/acme/provider.go b/pkg/provider/acme/provider.go
index 1283db6d8..20cc271dc 100644
--- a/pkg/provider/acme/provider.go
+++ b/pkg/provider/acme/provider.go
@@ -220,7 +220,7 @@ func (p *Provider) getClient() (*lego.Client, error) {
 
 config := lego.NewConfig(account)
 config.CADirURL = caServer
- config.Certificate.KeyType = account.KeyType
+ config.Certificate.KeyType = GetKeyType(ctx, p.KeyType)
 config.UserAgent = fmt.Sprintf("containous-traefik/%s", version.Version)
 
 client, err := lego.NewClient(config)
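Review bot: The new assignment `config.Certificate.KeyType = GetKeyType(ctx, p.KeyType)` takes a single return value, so an unrecognised or mistyped `keyType` in the resolver configuration cannot fail getClient and has to be mapped to some key type inside GetKeyType, which is not visible in this hunk. If that mapping is a silent default, an operator who asked for a specific key type could have certificates issued with a different one without noticing; rejecting unknown values when the configuration is loaded, or at least logging the requested and the effective value at warning level, would make the mismatch visible. The certificate key type also no longer follows `account.KeyType`, so a comment such as `// Certificate key type comes from the resolver's keyType option, not from the stored ACME account.` above the line would help the next reader. getClient's body starts and ends outside the hunk.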