From 6a5cd1266bf3208e26853e3b5fb9fd0d4e4d3542 Mon Sep 17 00:00:00 2001
From: yusing
Date: Sat, 24 May 2025 07:29:11 +0800
Subject: [PATCH] tweak: use ecdsa p-256 for autocert
---
 internal/autocert/config.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/internal/autocert/config.go b/internal/autocert/config.go
index 52d00e01..0947df8b 100644
--- a/internal/autocert/config.go
+++ b/internal/autocert/config.go
@@ -100,8 +100,7 @@ func (cfg *Config) GetLegoConfig() (*User, *lego.Config, gperr.Error) {
 if cfg.Provider != ProviderLocal && cfg.Provider != ProviderPseudo {
 if privKey, err = cfg.LoadACMEKey(); err != nil {
- log.Info().Err(err).Msg("load ACME private key failed")
- log.Info().Msg("generate new ACME private key")
+ log.Info().Err(err).Msg("failed to load ACME private key, generating a now one")
 privKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 if err != nil {
 return nil, nil, gperr.New("generate ACME private key").With(err)
@@ -118,7 +117,7 @@ func (cfg *Config) GetLegoConfig() (*User, *lego.Config, gperr.Error) {
 }
 legoCfg := lego.NewConfig(user)
- legoCfg.Certificate.KeyType = certcrypto.RSA2048
+ legoCfg.Certificate.KeyType = certcrypto.EC256
 return user, legoCfg, nil
 }
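Review bot: The merged log line in the `cfg.LoadACMEKey()` error branch has a typo, "a now one", and should read `log.Info().Err(err).Msg("failed to load ACME private key, generating a new one")`. The same branch still treats every load failure alike: a missing key file, an unreadable file and a corrupt key all lead to `ecdsa.GenerateKey`, which silently replaces the ACME account identity. If `LoadACMEKey` preserves the underlying error (not visible here), regenerating only when the file does not exist and returning the error otherwise would keep a permissions or parsing problem from being masked. The body of `GetLegoConfig` starts and continues outside this hunk, so whether the new key is persisted cannot be checked from here.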
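Review bot: `legoCfg.Certificate.KeyType = certcrypto.EC256` hard-codes the certificate key algorithm with no comment and no configuration override, so the switch from RSA-2048 to ECDSA P-256 applies to every deployment. Clients that cannot negotiate ECDSA cipher suites would fail the TLS handshake once a certificate is issued with the new type. Worth adding a comment above the assignment such as `// ECDSA P-256: smaller keys and faster handshakes than RSA-2048; clients without ECDSA support cannot connect`, and consider making the key type a `Config` field that defaults to EC256. The commit message could also say whether existing RSA certificates are replaced immediately or only at the next renewal; that depends on code outside this hunk, where `GetLegoConfig` begins.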