Actually use ECDSA certificates by default

JonasAlfredsson · JonasAlfredsson · commit 9b098697beb2 · 2022-02-16T19:33:12.000+01:00
I forgot to make ECDSA certificates the default in the previous
release, so this is just a small fix to actually make it so.
diff --git a/docs/changelog.md b/docs/changelog.md
@@ -1,5 +1,9 @@
 # Changelog
 
+### 3.0.1
+- Actually use ECDSA certificates by default.
+  - Eagerness to deploy latest version this update was forgotten.
+
 ### 3.0.0
 - Add support for DNS-01 challenges.
   - Check out the list of all currently [supported authenticators](./certbot_authenticators.md).
diff --git a/docs/dockerhub_tags.md b/docs/dockerhub_tags.md
@@ -17,7 +17,8 @@ are updated.
 
 | Major | Minor | Patch | Nginx              |
 | ----: | ----: | ----: | :----------------- |
-| 3     | 3.0   | 3.0.0 | 3.0.0-nginx1.21.3  |
+| 3     | 3.0   | 3.0.1 | 3.0.1-nginx1.21.3  |
+|       |       | 3.0.0 | 3.0.0-nginx1.21.3  |
 | 2     | 2.4   | 2.4.1 | 2.4.1-nginx1.21.3  |
 |       |       |       | 2.4.1-nginx1.21.1  |
 |       |       |       | 2.4.1-nginx1.21.0  |
diff --git a/docs/good_to_know.md b/docs/good_to_know.md
@@ -129,7 +129,7 @@ yet, but if you don't expect to serve anything outisde the "Modern" row in
 to request these types of certificates.
 
 This is achieved by setting the [environment variable](../README.md#optional)
-`USE_ECDSA=1` (the default since version 3.0.0), and you can optionally tune
+`USE_ECDSA=1` (the default since version 3.0.1), and you can optionally tune
 which [curve][18] to use with `ELLIPTIC_CURVE`. If you already have RSA
 certificates downloaded you will either have to wait until they expire, or
 [force](./advanced_usage.md#manualforce-renewal) a renewal, before this change
diff --git a/examples/nginx-certbot.env b/examples/nginx-certbot.env
@@ -7,7 +7,7 @@ ELLIPTIC_CURVE=secp256r1
 RENEWAL_INTERVAL=8d
 RSA_KEY_SIZE=2048
 STAGING=0
-USE_ECDSA=0
+USE_ECDSA=1
 
 # Advanced (Defaults)
 CERTBOT_AUTHENTICATOR=webroot
diff --git a/src/scripts/run_certbot.sh b/src/scripts/run_certbot.sh
@@ -118,10 +118,10 @@ for cert_name in "${!certificates[@]}"; do
     elif [[ "${cert_name,,}" =~ (^|[-.])rsa([-.]|$) ]]; then
         debug "Found variant of 'RSA' in name '${cert_name}"
         key_type="rsa"
-    elif [ "${USE_ECDSA}" == "1" ]; then
-        key_type="ecdsa"
-    else
+    elif [ "${USE_ECDSA}" == "0" ]; then
         key_type="rsa"
+    else
+        key_type="ecdsa"
     fi
 
     # Determine the authenticator to use to solve the authentication challenge.
