feat: configurable cert key type #264

internal/cert/auto_cert.go

@@ -74,6 +74,7 @@ func renew(certModel *model.Cert) {
 		ServerName:      certModel.Domains,
 		ChallengeMethod: certModel.ChallengeMethod,
 		DNSCredentialID: certModel.DnsCredentialID,
+		KeyType:         certModel.GetKeyType(),
 	}
 
 	// errChan will be closed inside IssueCert

internal/cert/cert.go

@@ -32,9 +32,10 @@ const (
 )
 
 type ConfigPayload struct {
-	ServerName      []string `json:"server_name"`
-	ChallengeMethod string   `json:"challenge_method"`
-	DNSCredentialID int      `json:"dns_credential_id"`
+	ServerName      []string           `json:"server_name"`
+	ChallengeMethod string             `json:"challenge_method"`
+	DNSCredentialID int                `json:"dns_credential_id"`
+	KeyType         certcrypto.KeyType `json:"key_type"`
 }
 
 func IssueCert(payload *ConfigPayload, logChan chan string, errChan chan error) {
@@ -93,7 +94,7 @@ func IssueCert(payload *ConfigPayload, logChan chan string, errChan chan error)
 		}
 	}
 
-	config.Certificate.KeyType = certcrypto.RSA2048
+	config.Certificate.KeyType = payload.KeyType
 
 	l.Println("[INFO] [Nginx UI] Creating client facilitates communication with the CA server")
 	// A client facilitates communication with the CA server.

internal/validation/key_type.go

@@ -0,0 +1,15 @@
+package validation
+
+import (
+	"github.com/go-acme/lego/v4/certcrypto"
+	val "github.com/go-playground/validator/v10"
+)
+
+func autoCertKeyType(fl val.FieldLevel) bool {
+	switch certcrypto.KeyType(fl.Field().String()) {
+	case certcrypto.RSA2048, certcrypto.RSA3072, certcrypto.RSA4096,
+		certcrypto.EC256, certcrypto.EC384:
+		return true
+	}
+	return false
+}

internal/validation/validation.go

@@ -42,5 +42,11 @@ func Init() {
 		logger.Fatal(err)
 	}
 
+	err = v.RegisterValidation("auto_cert_key_type", autoCertKeyType)
+
+	if err != nil {
+		logger.Fatal(err)
+	}
+
 	return
 }