[GH-ISSUE #950] New Certbot version + modern key/certificate options #802

Closed
opened 2026-02-26 06:34:29 +03:00 by kerem · 2 comments
Owner

Originally created by @phantomski77 on GitHub (Mar 15, 2021).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/950

Is your feature request related to a problem? Please describe.
Requesting a bump of certbot to version 1.10+ (ideally latest 1.13), which will allow the use of Mozilla Modern TLS 1.3 configurations (https://wiki.mozilla.org/Security/Server_Side_TLS) for keys and certificates.

Describe the solution you'd like

  • certbot version 1.13 (or at least 1.10) which in turn requires Alpine v 3.13 (certbot 1.11.0-r1) or edge (certbot 1.13.0-r1)

Related as an option

  • either /etc/letsencrypt.ini changes to key-type = ecdsa and elliptic-curve = secp384r1
  • or create templates and Tabler WebGUI options to choose the key-type, elliptic-curve and rsa-key-size for certificate issue and subsequent renewals
  • if neither is suitable, I can of course edit these myself, as long as certbot is version 1.10+

Describe alternatives you've considered
Manual file editing for rsa-key-size, otherwise main package changes needed.

Additional context
In the ideal world, it would be great to have a configurable choice of all these parameters individually, or ideally a composite option to choose between old, intermediate and modern configurations for both certbot and nginx as per Mozilla specs (there’s a great configurator for these configurations available on their site above).

As always - thank you for your great effort so far. No pressure and thank you for consideration.
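
A check for the settings requested above, as an added example that is not part of the original issue or the project's code: it reads a certbot-style ini file and reports whether the key options are usable with a given certbot version. The function names, the sample file and the assumed certbot 1.x defaults (rsa, 2048 bits, secp256r1) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not project code. Assumptions: certbot 1.x defaults
# (key-type rsa, rsa-key-size 2048, elliptic-curve secp256r1) and the issue's
# statement that ECDSA key options need certbot 1.10+.

# version_ge A B: true if dotted version A >= B (major.minor compared numerically).
version_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# ini_get FILE KEY: print the last value set for KEY, skipping comment lines.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# audit_keys FILE CERTBOT_VERSION: print a verdict; return 0 ok, 1 weak/invalid, 2 unsupported.
audit_keys() {
    key_type=$(ini_get "$1" key-type); key_type=${key_type:-rsa}
    curve=$(ini_get "$1" elliptic-curve); curve=${curve:-secp256r1}
    bits=$(ini_get "$1" rsa-key-size); bits=${bits:-2048}
    case "$key_type" in
        ecdsa)
            version_ge "$2" 1.10 || { echo "unsupported: ecdsa needs certbot 1.10+"; return 2; }
            case "$curve" in
                secp256r1|secp384r1|secp521r1) echo "ok: ecdsa $curve" ;;
                *) echo "invalid: curve $curve"; return 1 ;;
            esac ;;
        rsa)
            [ "$bits" -ge 2048 ] || { echo "weak: rsa $bits"; return 1; }
            echo "ok: rsa $bits" ;;
        *) echo "invalid: key-type $key_type"; return 1 ;;
    esac
}

# write_sample_ini FILE: constructed sample config for the demo run below.
write_sample_ini() {
    printf '%s\n' '# constructed sample' 'rsa-key-size = 4096' \
        'key-type = ecdsa' 'elliptic-curve = secp384r1' > "$1"
}

tmp=$(mktemp) && write_sample_ini "$tmp" && audit_keys "$tmp" 1.13.0
rm -f "$tmp"
```

The version argument is expected as a plain dotted string such as the one reported by `certbot --version`.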

kerem 2026-02-26 06:34:29 +03:00
Author
Owner

@github-actions[bot] commented on GitHub (Mar 16, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

Author
Owner

@github-actions[bot] commented on GitHub (Apr 28, 2025):

Issue was closed due to inactivity.
