RSA based ciphers not working in Postfix smtpd

Posted: 02 Aug 2024 15:16
by Mail2GoCa
Ever since installing and migrating to EFA 5, a handful of sending servers were unable to establish a TLS connection due to an inability to match ciphers.

Apparently the LetsEncrypt SSL certificate that was issued with the EFA scripts had a key type of ECDSA and not RSA.

I managed to get around this issue by changing the value

key_type = ecdsa

to

key_type = rsa

in the cert renewal conf file located at /etc/letsencrypt/renewal/

Once changed, I forced a cert renewal.

Now RSA-based TLS ciphers are supported.
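
The check behind the workaround above, as an added example that is not part of the original post or of the EFA scripts: a shell audit that reports the `key_type` of every certbot renewal conf in a directory, so lineages not pinned to RSA can be found before senders start failing TLS. The function names and the `example.test` sample confs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit certbot renewal confs for their key_type setting.
# Assumes one <lineage>.conf per certificate, as in /etc/letsencrypt/renewal/.
# All function names here are hypothetical helpers, not certbot commands.

# Print the key_type of one renewal conf, or "unset" if the key is absent.
renewal_key_type() {
    # Tolerate spacing around "="; commented-out lines do not match.
    kt=$(sed -n 's/^[[:space:]]*key_type[[:space:]]*=[[:space:]]*\([A-Za-z0-9_]*\).*$/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${kt:-unset}"
}

# Print "<lineage> <key_type>" for every conf in the renewal directory.
audit_key_types() {
    dir=${1:-/etc/letsencrypt/renewal}
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        printf '%s %s\n' "$(basename "$conf" .conf)" "$(renewal_key_type "$conf")"
    done
}

# Print only the lineages whose conf does not explicitly say key_type = rsa.
non_rsa_lineages() {
    audit_key_types "$1" | awk '$2 != "rsa" { print $1 }'
}

# Build a throwaway directory of constructed sample confs and print its path.
make_sample_renewal_dir() {
    d=$(mktemp -d) || return 1
    printf '[renewalparams]\nauthenticator = standalone\nkey_type = ecdsa\n' \
        > "$d/mail.example.test.conf"
    printf '[renewalparams]\nauthenticator = standalone\nkey_type = rsa\n' \
        > "$d/web.example.test.conf"
    printf '[renewalparams]\nauthenticator = standalone\n# key_type = rsa\n' \
        > "$d/legacy.example.test.conf"
    printf '%s\n' "$d"
}

# Demonstration on the constructed samples; pass a real directory instead
# (for example /etc/letsencrypt/renewal) to audit a live host.
sample=$(make_sample_renewal_dir)
audit_key_types "$sample"
rm -rf "$sample"
```
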

Re: RSA based ciphers not working in Postfix smtpd

Posted: 02 Aug 2024 17:00
by shawniverson
Let's Encrypt must've started defaulting to ecdsa. I wonder if I need to add an option for this.

Re: RSA based ciphers not working in Postfix smtpd

Posted: 02 Aug 2024 17:09
by Mail2GoCa
According to Certbot...

The type of key used by Certbot can be controlled through the --key-type option. You can use the --elliptic-curve option to control the curve used in ECDSA certificates and the --rsa-key-size option to control the size of RSA keys.