ESDB currently supports only RSA keys in certificates when specifying --certificate-private-key-file
.
The advantage of using EC keys would be that the key is much smaller for the same security level (EC takes 256 bit vs RSA 2048 bit for same security level). The connection setup time also seems to be much faster based on preliminary tests done.
That's the default when using certbot v2.0.0 and forward https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys :
secp256r1
(P-256)it is supported by .NET https://learn.microsoft.com/en-us/dotnet/standard/security/cross-platform-cryptography#ecdsa
on all major platform we support .