Feature Request - Allow configuration of "key-type" or "Signature Algorithm" #610

Open
GoTTi74 opened this issue Dec 12, 2024 · 1 comment

Comments

@GoTTi74

GoTTi74 commented Dec 12, 2024

Problem/Motivation

When using an old web-server (e.g. Synology DSM 6.x) the ECC/ECDSA "Signature Algorithm" is not supported. Instead the former RSA standard is required.

Expected behavior

Allow NGINX to configure the default "Signature Algorithm"

Actual behavior

By default, the "signature algorithm" is configured in ./etc/letsencrypt.ini as 'key-type = ecdsa'. When issuing a certificate with this key-type, it can't be used in older versions of Synology DSM (6.x). Instead, Synology will show an error "DSM does not support ECC certificates" when trying to import a certificate managed by Nginx.

Steps to reproduce

To work around this issue, one must manually update the 'key-type = ecdsa' to 'key-type = rsa' before renewing a certificate required by Synology (e.g. for "Synology Drive Sync").

Proposed changes

The manual workaround is possible but not persistent.
Ideally, one could configure the preferred "key-type" in the AddOn.

@averstappen

I have a similar issue, in my case a printer that doesn't support ecdsa. My preferred solution would be to be able to override the key-type per certificate, so that all other certificates stay at the default.
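
A pre-import check that follows from the two reports above, as an added example that is not part of the issue or of the add-on's code: it reads the public-key algorithm from a PEM certificate, so an ECDSA certificate is caught before it is handed to a device that only accepts RSA. The names `cert_key_type`, `tlv` and `sample_pem` are hypothetical, and the sample input is a constructed DER skeleton, not a real signed certificate.

```python
import base64
import re

# DER-encoded OIDs found in a certificate's SubjectPublicKeyInfo
KEY_OIDS = {bytes.fromhex("2a864886f70d010101"): "rsa",   # rsaEncryption
            bytes.fromhex("2a8648ce3d0201"): "ecdsa"}     # id-ecPublicKey

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf, start, end):
    out = []                              # elements contained in buf[start:end]
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def cert_key_type(pem):
    """Key algorithm of the first (leaf) certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()))
    _, s, e = read_tlv(der, 0)            # Certificate
    _, s, e = read_tlv(der, s)            # tbsCertificate
    fields = children(der, s, e)
    fields = fields[1:] if fields[0][0] == 0xA0 else fields   # skip optional [0] version
    _, s, e = fields[5]                   # after serial, sigAlg, issuer, validity, subject
    _, s, e = children(der, s, e)[0]      # AlgorithmIdentifier
    _, s, e = children(der, s, e)[0]      # algorithm OID
    return KEY_OIDS.get(der[s:e], "other")

# Constructed sample input: a structural skeleton, not a real signed certificate.
def tlv(tag, body):
    n = len(body)                         # the sample stays below 256 bytes
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

def sample_pem(oid_hex):
    spki = tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex))) + tlv(0x03, bytes(200)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + spki)
    der = tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"
```

Passing the text of an issued certificate file to `cert_key_type` returns `"ecdsa"` for a certificate issued with 'key-type = ecdsa' and `"rsa"` after the switch to 'key-type = rsa'.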
