diff --git a/API.md b/API.md
index 00fef5e..c41d83c 100644
--- a/API.md
+++ b/API.md
@@ -212,6 +212,19 @@ Defaults to layer for US-EAST-1
---
+##### `keyType`Optional
+
+```typescript
+public readonly keyType: string;
+```
+
+- *Type:* `string`
+- *Default:* 'ecdsa'
+
+Set the key type for the certificate.
+
+---
+
##### `kmsKeyAlias`Optional
```typescript
diff --git a/function/src/index.py b/function/src/index.py
index 59940d5..3bcb74a 100644
--- a/function/src/index.py
+++ b/function/src/index.py
@@ -89,7 +89,7 @@ def read_and_delete_file(path, filename, storage_method):
else:
print(f'WARN: Dry run was used so (unknown) was not generated.')
-def provision_cert(email, domains, storage_method):
+def provision_cert(email, domains, storage_method, keytype):
cerbot_args = [
'certonly', # Obtain a cert but don't install it
'-n', # Run in non-interactive mode
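Review bot: The new `keytype` parameter has no default, so any caller of `provision_cert` outside this diff that still passes three arguments now fails with a TypeError; `def provision_cert(email, domains, storage_method, keytype='ecdsa'):` keeps older call sites working and matches the 'ecdsa' default the construct documents. The value is also forwarded unchecked to certbot in the `--key-type` hunk that follows, and certbot accepts only a small set of key types (rsa and ecdsa, as far as I know), so a one-line guard such as `if keytype not in ('rsa', 'ecdsa'): raise ValueError(f'Unsupported key type: {keytype}')` turns a misconfigured KEY_TYPE into a clear error before certbot runs instead of an opaque subprocess failure. The body of `provision_cert` continues outside the hunk.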
@@ -97,6 +97,7 @@ def provision_cert(email, domains, storage_method):
'--email', email, # Email
'--dns-route53', # Use dns challenge with route53
'-d', domains, # Domains to provision certs for
+ '--key-type', keytype, # Key type
# Override directory paths so script doesn't have to be run as root
'--config-dir', '/tmp/config-dir/',
'--work-dir', '/tmp/work-dir/',
@@ -204,6 +205,7 @@ def handler(event, context):
print("CERTIFICATE_STORAGE: " + storage_method)
print("LETSENCRYPT_DOMAINS: " + os.environ['LETSENCRYPT_DOMAINS'])
print("LETSENCRYPT_EMAIL: " + os.environ['LETSENCRYPT_EMAIL'])
+ print("KEY_TYPE: " + os.environ['KEY_TYPE'])
print("PREFERRED_CHAIN: " + os.environ['PREFERRED_CHAIN'])
print("DRY_RUN: " + os.environ['DRY_RUN'])
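Review bot: `os.environ['KEY_TYPE']` raises KeyError when the variable is absent, so a function package deployed against an older construct version, or invoked with a hand-written environment, now fails before reaching the provisioning logic; the same strict lookup is repeated in the `should_provision` hunk below. `os.environ.get('KEY_TYPE', 'ecdsa')` in both places mirrors the default the TypeScript side applies and the `os.getenv("DRY_RUN", 'False')` pattern this handler already uses. `handler` starts and ends outside the hunk.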
@@ -224,7 +226,7 @@ def handler(event, context):
domains = os.environ['LETSENCRYPT_DOMAINS']
if should_provision(domains):
- cert = provision_cert(os.environ['LETSENCRYPT_EMAIL'], domains, storage_method)
+ cert = provision_cert(os.environ['LETSENCRYPT_EMAIL'], domains, storage_method, os.environ['KEY_TYPE'])
if not os.getenv("DRY_RUN", 'False').lower() in ["true", "1"]:
upload_cert_to_acm(cert, domains)
notify_via_sns(os.environ['NOTIFICATION_SNS_ARN'], domains, cert['certificate'])
diff --git a/src/index.ts b/src/index.ts
index 39f3ab1..167f412 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -85,6 +85,12 @@ export interface CertbotProps {
* @default 'None'
*/
readonly preferredChain?: string;
+ /**
+ * Set the key type for the certificate.
+ *
+ * @default 'ecdsa'
+ */
+ readonly keyType?: string;
/**
* The SNS topic to notify when a new cert is issued. If no topic is given one will be created automatically.
*/
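Review bot: `keyType` is typed as a bare `string`, so a typo such as `'escda'` is accepted at synth time and only surfaces when certbot rejects the `--key-type` value inside the Lambda; narrowing the property (a literal union `'rsa' | 'ecdsa'`, or an exported `enum` if this is a jsii project, which the generated API.md suggests) moves that failure to compile time. The doc comment should at least name the accepted values, e.g. `* Accepted values are 'rsa' and 'ecdsa' (passed to certbot's --key-type option).` The same unchecked value is wired into the environment map in the second hunk of this file. `CertbotProps` continues outside the hunk.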
@@ -265,6 +271,7 @@ export class Certbot extends Construct {
OBJECT_PREFIX: props.objectPrefix || '',
REISSUE_DAYS: (props.reIssueDays === undefined) ? '30' : String(props.reIssueDays),
PREFERRED_CHAIN: props.preferredChain || 'None',
+ KEY_TYPE: props.keyType || 'ecdsa',
NOTIFICATION_SNS_ARN: snsTopic.topicArn,
DRY_RUN: 'False',
},
diff --git a/test/__snapshots__/certbot.test.ts.snap b/test/__snapshots__/certbot.test.ts.snap
index 1cd0b92..653626e 100644
--- a/test/__snapshots__/certbot.test.ts.snap
+++ b/test/__snapshots__/certbot.test.ts.snap
@@ -142,6 +142,7 @@ Object {
},
"CERTIFICATE_STORAGE": "s3",
"DRY_RUN": "False",
+ "KEY_TYPE": "ecdsa",
"LETSENCRYPT_DOMAINS": "test2.local, www.test2.local",
"LETSENCRYPT_EMAIL": "test@test2.local",
"NOTIFICATION_SNS_ARN": Object {
@@ -457,6 +458,7 @@ Object {
"CERTIFICATE_SECRET_PATH": "/certbot/certificates/test3.local/",
"CERTIFICATE_STORAGE": "secretsmanager",
"DRY_RUN": "False",
+ "KEY_TYPE": "ecdsa",
"LETSENCRYPT_DOMAINS": "test3.local, www.test3.local",
"LETSENCRYPT_EMAIL": "test@test3.local",
"NOTIFICATION_SNS_ARN": Object {
@@ -767,6 +769,7 @@ Object {
"CERTIFICATE_STORAGE": "secretsmanager",
"CUSTOM_KMS_KEY_ID": "alias/test",
"DRY_RUN": "False",
+ "KEY_TYPE": "ecdsa",
"LETSENCRYPT_DOMAINS": "test4.local, www.test4.local",
"LETSENCRYPT_EMAIL": "test@test4.local",
"NOTIFICATION_SNS_ARN": Object {
@@ -1076,6 +1079,7 @@ Object {
"CERTIFICATE_PARAMETER_PATH": "/certbot/certificates/test5.local/",
"CERTIFICATE_STORAGE": "ssm_secure",
"DRY_RUN": "False",
+ "KEY_TYPE": "ecdsa",
"LETSENCRYPT_DOMAINS": "test5.local, www.test5.local",
"LETSENCRYPT_EMAIL": "test@test5.local",
"NOTIFICATION_SNS_ARN": Object {
@@ -1378,6 +1382,7 @@ Object {
"CERTIFICATE_STORAGE": "ssm_secure",
"CUSTOM_KMS_KEY_ID": "alias/test",
"DRY_RUN": "False",
+ "KEY_TYPE": "ecdsa",
"LETSENCRYPT_DOMAINS": "test6.local, www.test6.local",
"LETSENCRYPT_EMAIL": "test@test6.local",
"NOTIFICATION_SNS_ARN": Object {
@@ -1687,6 +1692,7 @@ Object {
"CERTIFICATE_STORAGE": "efs",
"DRY_RUN": "False",
"EFS_PATH": "/mnt/efs",
+ "KEY_TYPE": "ecdsa",
"LETSENCRYPT_DOMAINS": "test7.local, www.test7.local",
"LETSENCRYPT_EMAIL": "test@test7.local",
"NOTIFICATION_SNS_ARN": Object {
@@ -2174,6 +2180,7 @@ Object {
},
"CERTIFICATE_STORAGE": "s3",
"DRY_RUN": "False",
+ "KEY_TYPE": "ecdsa",
"LETSENCRYPT_DOMAINS": "test.local, www.test.local",
"LETSENCRYPT_EMAIL": "test@test.local",
"NOTIFICATION_SNS_ARN": Object {