letsencrypt: Add ECDSA key type check to check-certificate

diff --git a/cookbooks/letsencrypt/templates/default/check-certificate.erb b/cookbooks/letsencrypt/templates/default/check-certificate.erb
index 8863e9ae8f32382b01e9fc2a956656eea35feccf..319072b6b0ae8b8903d803600ea3e64890ebaf3e 100644 (file)
--- a/cookbooks/letsencrypt/templates/default/check-certificate.erb
+++ b/cookbooks/letsencrypt/templates/default/check-certificate.erb
@@ -33,6 +33,10 @@ if ssl
     puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}"
   end
 
+  unless certificate.public_key.is_a?(OpenSSL::PKey::EC)
+    puts "Certificate #{domains.first} on #{host} does not use ECDSA key type"
+  end
+
   digest = OpenSSL::Digest::SHA1.new
   certificate_id = OpenSSL::OCSP::CertificateId.new(certificate, issuer, digest)
   ocsp_request = OpenSSL::OCSP::Request.new.add_certid(certificate_id)