[Ayesh]

LetsEncrypt now has an ECC root and intermediates. You have to request the account ID to be included, and after which, the intermediate and root certificates will be ECC. More information here: https://community.letsencrypt.org/t/ecdsa-availability-in-pr...

[netheril96]

The alternative you suggest has a longer chain of certificates, and more difficult setup. Using ZeroSSL is way easier with less bytes on the TLS handshake.

[Ayesh]

Do you have a test host with the Zerossl chain that you speak of? Use https://aye.sh if you want to try a host using the ECC chain from LE.

[netheril96]

So the article is outdated I guess. The length of the chain is the same now.

I'll consider switching back to Let's Encrypt once this setup doesn't require a whitelist.