diff --git a/letsencrypt.js b/letsencrypt.js index c1823ba4..dd26cd2c 100644 --- a/letsencrypt.js +++ b/letsencrypt.js @@ -66,7 +66,7 @@ module.exports.CreateLetsEncrypt = function (parent) { if (obj.parent.config.letsencrypt.email == null) { obj.configErr = "Let's Encrypt email address not specified."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; } if ((obj.parent.redirserver == null) || ((typeof obj.parent.config.settings.rediraliasport === 'number') && (obj.parent.config.settings.rediraliasport !== 80)) || ((obj.parent.config.settings.rediraliasport == null) && (obj.parent.redirserver.port !== 80))) { obj.configErr = "Redirection web server must be active on port 80 for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; } if (obj.redirWebServerHooked !== true) { obj.configErr = "Redirection web server not setup for Let's Encrypt to work."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; } - if ((obj.parent.config.letsencrypt.rsakeysize != null) && (obj.parent.config.letsencrypt.rsakeysize !== 2048) && (obj.parent.config.letsencrypt.rsakeysize !== 3072)) { obj.configErr = "Invalid Let's Encrypt certificate key size, must be 2048 or 3072."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; } + if ((obj.parent.config.letsencrypt.rsakeysize != null) && (obj.parent.config.letsencrypt.rsakeysize !== 2048) && (obj.parent.config.letsencrypt.rsakeysize !== 3072) && (obj.parent.config.letsencrypt.rsakeysize !== 4096)) { obj.configErr = "Invalid Let's Encrypt certificate key size, must be 2048, 3072 or 4096."; parent.addServerWarning(obj.configErr); obj.log("WARNING: " + obj.configErr); func(certs); return; } if (obj.checkInterval == null) { obj.checkInterval = setInterval(obj.checkRenewCertificate, 86400000); } // Call certificate check every 24 hours. obj.configOk = true; @@ -165,7 +165,7 @@ module.exports.CreateLetsEncrypt = function (parent) { // Create a private key obj.log("Generating private key..."); - acme.forge.createPrivateKey().then(function (accountKey) { + acme.forge.createPrivateKey(obj.parent.config.letsencrypt.rsakeysize != null ? obj.parent.config.letsencrypt.rsakeysize : 2048).then(function (accountKey) { // Create the ACME client obj.log("Setting up ACME client..."); @@ -189,7 +189,7 @@ module.exports.CreateLetsEncrypt = function (parent) { // Create Certificate Request (CSR) obj.log("Creating certificate request..."); - var certRequest = { commonName: obj.leDomains[0] }; + var certRequest = { commonName: obj.leDomains[0], keySize: obj.parent.config.letsencrypt.rsakeysize != null ? obj.parent.config.letsencrypt.rsakeysize : 2048 }; if (obj.leDomains.length > 1) { certRequest.altNames = obj.leDomains; } acme.forge.createCsr(certRequest).then(function (r) { obj.csr = r[1]; diff --git a/meshcentral-config-schema.json b/meshcentral-config-schema.json index 9e7daffd..80ecc43a 100644 --- a/meshcentral-config-schema.json +++ b/meshcentral-config-schema.json @@ -546,7 +546,7 @@ }, "agentWsCompression": { "type": "boolean", - "default": true, + "default": false, "description": "Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work." }, "noAgentUpdate": { @@ -3892,6 +3892,11 @@ "default": false, "description": "By default a test certificate will be obtained from Let's Encrypt. Setting \"zerossl\", will ignore this setting. Always start by getting a test certificate and make sure that works before setting this to true and obtaining a production certificate. Making too many bad requests for a production certificate will get you banned for a long period of time." }, + "rsaKeySize": { + "type": "integer", + "default": 2048, + "description": "The size of the RSA key to generate. The default is 2048 bits." + }, "nochecks": { "type": "boolean", "default": false,