prefer pkcs1 for acme certs

2025-01-01 13:13:53 +08:00 · 2021-09-10 10:21:33 +03:00 · 2021-09-10 10:21:33 +03:00 · 97b53a4fd3
commit 97b53a4fd3
parent bf60817694
2 changed files with 4 additions and 5 deletions
--- a/lib/acme/certs.js
+++ b/lib/acme/certs.js
@ -91,7 +91,7 @@ const getAcmeAccount = async (acmeOptions, certHandler) => {

    // account not found, create a new one
    log.info('ACME', 'ACME account for %s not found, provisioning new one from %s', acmeOptions.key, acmeOptions.directoryUrl);
-    const accountKey = await certHandler.generateKey(acmeOptions.keyBits, acmeOptions.keyExponent, { privateKeyEncoding: 'pkcs1' });
+    const accountKey = await certHandler.generateKey(acmeOptions.keyBits, acmeOptions.keyExponent);

    const jwkAccount = pem2jwk(accountKey);
    log.info('ACME', 'Generated Acme account key for %s', acmeOptions.key);
@ -243,7 +243,6 @@ const acquireCert = async (domain, acmeOptions, certificateData, certHandler) =>
        };

        const aID = ((acmeAccount && acmeAccount.account && acmeAccount.account.key && acmeAccount.account.key.kid) || '').split('/acct/').pop();
-
        log.info('ACME', 'Generate ACME cert for %s (account=%s)', domain, aID);
        const cert = await acme.certificates.create(certificateOptions);
        if (!cert || !cert.cert) {
@ -281,7 +280,7 @@ const acquireCert = async (domain, acmeOptions, certificateData, certHandler) =>
            log.error('ACME', 'Redis call failed key=%s domains=%s error=%s', domainSafeLockKey, domain, err.message);
        }

-        log.error('ACME', 'Failed to generate cert domains=%s error=%s', domain, err.stack);
+        log.error('ACME', 'Failed to generate certificate domains=%s error=%s', domain, err.stack);

        if (certificateData && certificateData._id) {
            try {
--- a/lib/cert-handler.js
+++ b/lib/cert-handler.js
@ -55,11 +55,11 @@ class CertHandler {
            modulusLength: keyBits || 2048, // options
            publicExponent: keyExponent || 65537,
            publicKeyEncoding: {
-                type: 'spki',
+                type: opts.publicKeyEncoding || 'spki',
                format: 'pem'
            },
            privateKeyEncoding: {
-                type: opts.privateKeyEncoding || 'pkcs8',
+                type: opts.privateKeyEncoding || 'pkcs1',
                format: 'pem'
            }
        });