From cb68cb312b781810f0ad57a8722bf2315f272458 Mon Sep 17 00:00:00 2001
From: Florent Daigniere <nextgens@freenetproject.org>
Date: Mon, 9 Aug 2021 20:40:56 +0200
Subject: [PATCH] Reduce the size of the RSA key to 3072bits

This is already generous for certificates that have a 3month validity!

We rekey every single time.
---
 core/nginx/letsencrypt.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/nginx/letsencrypt.py b/core/nginx/letsencrypt.py
index 3fe8ea92..ed106fa1 100755
--- a/core/nginx/letsencrypt.py
+++ b/core/nginx/letsencrypt.py
@@ -14,7 +14,7 @@ command = [
     "--cert-name", "mailu",
     "--preferred-challenges", "http", "--http-01-port", "8008",
     "--keep-until-expiring",
-    "--rsa-key-size", "4096",
+    "--rsa-key-size", "3072",
     "--config-dir", "/certs/letsencrypt",
     "--post-hook", "/config.py"
 ]