I need help figuring out how to change the certificate Cloudflare has issued from RSA to ECDSA.

I have several domains that I use with Cloudflare. All of them use an ECDSA certificate except the first one I added, which is using RSA. And yes, they are Cloudflare-issued.


Hi, one thing you can try, though it would cause a bit of downtime, would be to disable Universal SSL and re-enable it after 10 or so minutes.

Can you share the domain? According to the docs, all Free plans are issued ECC certs only, while paid plans get both ECDSA and RSA. I have never seen RSA only.


I can’t find rhyme or reason. My Pro plan is RSA, and a medium-aged free plan is ECDSA. My free plans seem to be 50/50. One Biz is RSA, and the other is ECDSA. Ent plan is RSA.


They all score A+ at Qualys, though.

UPDATE: Maybe I’m not reading the reports right. I have one domain using ACM, which says it issued both, but Qualys looks like it’s only looking at the RSA cert.

Yeah, I’m not reading the reports quite right. One Biz plan has both certs, and one is ECDSA only. Some (but not all) other plans I thought were RSA actually have both. I’m just going to :man_shrugging: again.

The current Cloudflare issued cert for your domain is ECDSA, and that’s what I see in tools like SSLLabs.

Currently, all Let’s Encrypt certs are issued from the RSA root. (You can request certs from the ECC root, but it’s not yet the default.) Cloudflare use LE for some domains, and it’s an option on ACM certs.


