I'm trying to generate a certificate for my web server with Let's Encrypt. I want to manually generate the key and CSR with openssl, and then use letsencrypt / certbot to get the certificate. I specifically want the certificate to use sha256withecdsa. In particular I would like to use the curve secp521r1 (a.k.a. P-521).
The key generation and CSR generation work fine; however, when I input the command
certbot certonly --apache -d [censored] --csr mycsr.csr --agree-tos
I get the following error:
The request message was malformed :: Invalid key in certificate request :: ECDSA curve P-521 not allowed
Is ECDSA still unsupported, or am I doing anything wrong?
Upvotes: 5
Views: 3825
Reputation: 12545
Besides my comments on @AfroThundr's reply, in fact the definitive source of information on this is https://letsencrypt.org/docs/integration-guide/ and it says:
Supported Key Algorithms
Let’s Encrypt accepts RSA keys from 2048 to 4096 bits in length, and P-256 and P-384 ECDSA keys. That’s true for both account keys and certificate keys. You can’t reuse an account key as a certificate key.
Our recommendation is to serve a dual-cert config, offering an RSA certificate by default, and a (much smaller) ECDSA certificate to those clients that indicate support.
Upvotes: 0
Reputation: 1225
While P-521 is valid for use in X.509 certificates, most browsers dropped support for it as it is not a part of Suite B and isn't very popular. As a result, Certbot doesn't allow certificates to be generated using P-521 since the browsers would reject it anyway. You can still generate certificates using the P-256 and P-384 curves. See the Mozilla and Google bug reports for details.
Upvotes: 3
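An added example, not from any of the posters above, that puts the accepted-curve list quoted in the first answer and the P-521 rejection explained in the last answer into practice: it generates an EC key on P-256 or P-384 only, produces a sha256WithECDSA-signed CSR with openssl, and lets you check the curve and signature algorithm before handing the CSR to `certbot certonly --csr`. File names and the example.com common name are placeholders.

```shell
#!/bin/sh
# Key + CSR generation restricted to the curves Let's Encrypt accepts.
# Assumes a stock openssl binary on PATH (1.1 or 3.x); names are placeholders.
set -eu

# Usage: gen_ec_csr <curve> <common name> <key out> <csr out>
# Only prime256v1 (P-256) and secp384r1 (P-384) are allowed; secp521r1 and
# anything else is refused here instead of failing later at the CA.
gen_ec_csr() {
    curve=$1; cn=$2; key=$3; csr=$4
    case "$curve" in
        prime256v1|secp384r1) ;;
        *) echo "curve $curve is not accepted by Let's Encrypt (use prime256v1 or secp384r1)" >&2
           return 1 ;;
    esac
    openssl ecparam -name "$curve" -genkey -noout -out "$key"
    # -sha256 yields the sha256WithECDSA (ecdsa-with-SHA256) CSR signature
    openssl req -new -sha256 -key "$key" -subj "/CN=$cn" -out "$csr"
}

# Print the named curve of the public key inside a CSR, as openssl reports it.
csr_curve() {
    openssl req -in "$1" -noout -pubkey \
        | openssl ec -pubin -noout -text 2>/dev/null \
        | sed -n 's/.*ASN1 OID: *//p'
}

# Print the CSR's signature algorithm (expect ecdsa-with-SHA256).
csr_sig_alg() {
    openssl req -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}
```

After `gen_ec_csr secp384r1 example.com server.key server.csr`, the CSR is what you pass to `certbot certonly --apache -d example.com --csr server.csr`.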