From e47da4ba0dccd3a194294ec1e347f44b9d488f61 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Sun, 22 Sep 2024 13:14:33 +0200
Subject: [PATCH] Fix #3531

(cherry picked from commit 8e4af5ad05812c9c8914582312e885a5b6010f5d)
---
 core/nginx/letsencrypt.py           | 1 +
 towncrier/newsfragments/3531.bugfix | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 towncrier/newsfragments/3531.bugfix

diff --git a/core/nginx/letsencrypt.py b/core/nginx/letsencrypt.py
index a8abbee7..f9aab75f 100755
--- a/core/nginx/letsencrypt.py
+++ b/core/nginx/letsencrypt.py
@@ -22,6 +22,7 @@ command = [
     "--preferred-challenges", "http", "--http-01-port", "8008",
     "--keep-until-expiring",
     "--allow-subset-of-names",
+    "--key-type", "rsa",
     "--renew-with-new-domains",
     "--config-dir", "/certs/letsencrypt",
     "--post-hook", "/config.py"
diff --git a/towncrier/newsfragments/3531.bugfix b/towncrier/newsfragments/3531.bugfix
new file mode 100644
index 00000000..9deddb45
--- /dev/null
+++ b/towncrier/newsfragments/3531.bugfix
@@ -0,0 +1 @@
+Ensure we have both RSA and ECDSA certs when using letsencrypt