Create a certificate with ECDSA
By default, Certbot will request a certificate with RSA. If ECC is your preferred choice, we support the P-256 NIST curve. The following steps [1-3] is one approach to obtain it.
 Generate the key
root@acme# openssl ecparam -out server.key -name prime256v1 -genkey
 Generate the CSR
root@acme# openssl req -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) : Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) : Common Name (e.g. server FQDN or YOUR name) : <YOUR_DOMAIN> Email Address : Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
 Apply for a certificate
root@acme# certbot certonly --webroot -w /var/www/example.com/public_html/ --csr server.csr --server 'https://api.buypass.com/acme/directory'