Mozilla recommends ECDSA (P-256) as certificate type for intermediate compatibility.
ECDSA certificates are recommended over RSA certificates, as they allow the use of ECDHE with Windows 7 clients using Internet Explorer 11
Most modern browsers will use cipher suites with the ECDSA certificate. Older browsers will select the RSA certificate and a RSA cipher suite.
It will create two Let’s Encrypt certificates:
- EC 256 bits (SHA256withRSA)
- RSA 4096 bits (SHA256withRSA)
Without this change all the ECDSA cipher suites defined in https://github.com/discourse/discourse_docker/blob/12f501764f57c827e497eb6fb88e98f8c3c468e6/templates/web.ssl.template.yml#L22 won’t work. With the new certificate all cipher suites will work and browsers like IE11 on Windows 7 and Windows 8 will work too.