Since I’m not sure which category it belongs in if you want to talk about improvements, I’ll post it here. If it is wrong please move it.
I would like to talk about discourse_docker/templates/web.letsencrypt.ssl.template.yml at main · discourse/discourse_docker · GitHub.
First of all, I wonder why there are 2 variables in the template “${LETSENCRYPT_DIR}” and $$ENV_LETSENCRYPT_DIR. This harbors the potential that the paths could differ.
Then why an RSA4096 is generated, I don’t know of any browser that doesn’t already support ECDSA P-384.
Finally, I would add --server letsencrypt to the issue_cert command, for security reasons.