[PR #5177] Support configurable key sizes for Let’s Encrypt certificates #4077

New issue

Open

opened 2026-02-26 08:33:03 +03:00 by kerem · 0 comments

kerem commented

2026-02-26 08:33:03 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/NginxProxyManager/nginx-proxy-manager/pull/5177
Author: @KalebCheng
Created: 1/16/2026
Status: 🔄 Open

Base: develop ← Head: feature/certificate-key-length-selection

📝 Commits (1)

0940393 Support configurable key sizes for Let’s Encrypt certificates

📊 Changes

17 files changed (+288 additions, -28 deletions)

View changed files

📝 backend/internal/certificate.js (+52 -0)
📝 backend/schema/components/certificate-object.json (+5 -0)
📝 frontend/src/locale/src/bg.json (+11 -2)
📝 frontend/src/locale/src/de.json (+11 -2)
📝 frontend/src/locale/src/en.json (+11 -2)
📝 frontend/src/locale/src/es.json (+11 -2)
📝 frontend/src/locale/src/it.json (+11 -2)
📝 frontend/src/locale/src/ja.json (+11 -2)
📝 frontend/src/locale/src/ko.json (+11 -2)
📝 frontend/src/locale/src/nl.json (+11 -2)
📝 frontend/src/locale/src/pl.json (+11 -2)
📝 frontend/src/locale/src/ru.json (+11 -2)
📝 frontend/src/locale/src/sk.json (+11 -2)
📝 frontend/src/locale/src/vi.json (+11 -2)
📝 frontend/src/locale/src/zh.json (+11 -2)
📝 frontend/src/modals/DNSCertificateModal.tsx (+44 -1)
📝 frontend/src/modals/HTTPCertificateModal.tsx (+44 -1)

📄 Description

Summary

This PR improves the Let’s Encrypt certificate workflow by adding support for configurable key sizes during certificate issuance and renewal.
Users can now choose appropriate security levels based on their environment while keeping sensible defaults and full backward compatibility.

Changes

Added support for selecting key type (ECDSA / RSA) and corresponding key sizes:
- ECDSA: 256 (default), 384
- RSA: 2048 (default), 3072, 4096
Key size options dynamically adapt to the selected key type, with smart defaults applied automatically.
Key size configuration is consistently applied to both certificate creation and renewal (HTTP & DNS).
Existing certificates remain unaffected, and unspecified key sizes fall back to Let’s Encrypt defaults.
Full internationalization support across all supported languages.

Testing

Verified certificate issuance with multiple ECDSA and RSA key sizes.
Verified key type switching correctly resets the default key size.
Verified HTTP certificate renewal preserves the configured key parameters.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/NginxProxyManager/nginx-proxy-manager/pull/5177 **Author:** [@KalebCheng](https://github.com/KalebCheng) **Created:** 1/16/2026 **Status:** 🔄 Open **Base:** `develop` ← **Head:** `feature/certificate-key-length-selection` --- ### 📝 Commits (1) - [`0940393`](https://github.com/NginxProxyManager/nginx-proxy-manager/commit/0940393ff32d1b4e0e04df1611068415e80a2566) Support configurable key sizes for Let’s Encrypt certificates ### 📊 Changes **17 files changed** (+288 additions, -28 deletions) <details> <summary>View changed files</summary> 📝 `backend/internal/certificate.js` (+52 -0) 📝 `backend/schema/components/certificate-object.json` (+5 -0) 📝 `frontend/src/locale/src/bg.json` (+11 -2) 📝 `frontend/src/locale/src/de.json` (+11 -2) 📝 `frontend/src/locale/src/en.json` (+11 -2) 📝 `frontend/src/locale/src/es.json` (+11 -2) 📝 `frontend/src/locale/src/it.json` (+11 -2) 📝 `frontend/src/locale/src/ja.json` (+11 -2) 📝 `frontend/src/locale/src/ko.json` (+11 -2) 📝 `frontend/src/locale/src/nl.json` (+11 -2) 📝 `frontend/src/locale/src/pl.json` (+11 -2) 📝 `frontend/src/locale/src/ru.json` (+11 -2) 📝 `frontend/src/locale/src/sk.json` (+11 -2) 📝 `frontend/src/locale/src/vi.json` (+11 -2) 📝 `frontend/src/locale/src/zh.json` (+11 -2) 📝 `frontend/src/modals/DNSCertificateModal.tsx` (+44 -1) 📝 `frontend/src/modals/HTTPCertificateModal.tsx` (+44 -1) </details> ### 📄 Description ## Summary This PR improves the Let’s Encrypt certificate workflow by adding support for **configurable key sizes** during certificate issuance and renewal. Users can now choose appropriate security levels based on their environment while keeping sensible defaults and full backward compatibility. --- ## Changes - Added support for selecting **key type** (ECDSA / RSA) and corresponding **key sizes**: - ECDSA: 256 (default), 384 - RSA: 2048 (default), 3072, 4096 - Key size options dynamically adapt to the selected key type, with smart defaults applied automatically. - Key size configuration is consistently applied to both **certificate creation and renewal** (HTTP & DNS). - Existing certificates remain unaffected, and unspecified key sizes fall back to Let’s Encrypt defaults. - Full internationalization support across all supported languages. --- ## Testing - Verified certificate issuance with multiple ECDSA and RSA key sizes. - Verified key type switching correctly resets the default key size. - Verified HTTP certificate renewal preserves the configured key parameters. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem added the

pull-request

label

2026-02-26 08:33:03 +03:00

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#4077

No description provided.

Rows
Columns