revisited: ECC & Wildcards

A while ago I wrote about using to automate my HTTPS certificates.
In the post I used a domain ( along with a number of specific subdomains (“”, “”, “”).

Today I wanted to add a subdomain to an existing domain:
This has a number of subdomains, so rather than adding a new one I decided to create a wildcard certificate.
While browsing the documentation for, I came across ECC certificates, and thought that if I was recreating a certificate anyway, I could use this too.

The process is very similar to the previous post, but I’m putting this information here since it is a little different (different enough that I’ll forget what I did in the future…).
I will cut out the output from each command this time, since it will largely be the same.

Note: All steps below were taken as the acme user.

0. Clean environment

Before I started this process, I cleaned out the old certificates and settings:

$ --remove -d
$ rm -rf /usr/local/etc/ssl/manaha/*
$ rm -rf ~/certs/

1. Issuing an ECC Wildcard certificate

$ --issue --dns dns_linode -d '' -d '*' --keylength ec-256

This issues a new certificate to, and all subdomains (wildcard - see the * in the second domain declaration). It uses Linode DNS to verify I have control of the domains. The --keylength ec-256 part tells to create an ECDSA certificate (prime256v1, “ECDSA P-256”).

2. Installing the certificate

This uses the same mechanisms as in the previous post, so make sure you read that if you’re following along:

$ --install-cert --ecc -d '' -d '*' --key-file /usr/local/etc/ssl/manaha/privkey.pem --fullchain-file /usr/local/etc/ssl/manaha/fullchain.pem --reloadcmd "sleep 65 && touch /var/db/acme/.restart_nginx"

The only real difference between this post and the last one is the --ecc flag; this tells that the certificate being used is ECDSA.
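One way to confirm the result of steps 1 and 2, added here as an example and not part of the original post: it checks that the installed certificate uses the prime256v1 curve, that the private key matches it, and which host names the SAN entries cover (a wildcard entry matches exactly one label and not the bare domain, which is why both names are passed with -d). It assumes the openssl command-line tool is installed; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: checks on an installed ECDSA wildcard certificate.
# Requires the openssl CLI. File paths and host names are supplied by the caller.

# Print the named curve of the leaf certificate's key (e.g. prime256v1).
cert_curve() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *ASN1 OID: *//p' | head -n 1
}

# Print the certificate's DNS subjectAltName entries, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed if HOST ($2) is covered by the certificate ($1): either an exact
# SAN, or a wildcard SAN that replaces exactly the leftmost label.
cert_covers() {
    sans=$(cert_sans "$1")
    if printf '%s\n' "$sans" | grep -Fxqi -e "$2"; then return 0; fi
    case $2 in
        *.*) printf '%s\n' "$sans" | grep -Fxqi -e "*.${2#*.}" ;;
        *)   return 1 ;;
    esac
}

# Succeed if the private key ($1) and the leaf certificate ($2) carry the
# same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Stand-alone use: sh check_cert.sh FULLCHAIN PRIVKEY HOST...
if [ "$#" -ge 3 ]; then
    cert=$1 key=$2; shift 2
    echo "curve: $(cert_curve "$cert")"
    key_matches_cert "$key" "$cert" && echo "key: matches" || echo "key: MISMATCH"
    for h in "$@"; do
        cert_covers "$cert" "$h" && echo "$h: covered" || echo "$h: NOT covered"
    done
fi
```

Run it against the files written by --install-cert, passing the bare domain and a few subdomains as the host arguments.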

3. Renewing certificates

This was already done for me, and it’s documented in the original post.
