Add ECC certs for modern clients

core/nginx/letsencrypt.py

@@ -14,7 +14,19 @@ command = [
     "--cert-name", "mailu",
     "--preferred-challenges", "http", "--http-01-port", "8008",
     "--keep-until-expiring",
-    "--rsa-key-size", "3072",
+    "--config-dir", "/certs/letsencrypt",
+    "--post-hook", "/config.py"
+]
+command2 = [
+    "certbot",
+    "-n", "--agree-tos", # non-interactive
+    "-d", os.environ["HOSTNAMES"],
+    "-m", "{}@{}".format(os.environ["POSTMASTER"], os.environ["DOMAIN"]),
+    "certonly", "--standalone",
+    "--cert-name", "mailu-ecdsa",
+    "--preferred-challenges", "http", "--http-01-port", "8008",
+    "--keep-until-expiring",
+    "--key-type", "ecdsa",
     "--config-dir", "/certs/letsencrypt",
     "--post-hook", "/config.py"
 ]
@@ -25,5 +37,6 @@ time.sleep(5)
 # Run certbot every hour
 while True:
     subprocess.call(command)
+    subprocess.call(command2)
     time.sleep(3600)