BUG/MINOR: specification: acme: drop RSA-only bits minimum

aiharos · Gopher Bot · commit bd27cf25b6c8 · 2026-05-12T09:49:33.000Z
The bits field on acme providers is documented as the number of bits
used to generate an RSA key, but the schema enforced minimum: 1024
unconditionally. HAProxy ignores bits when keytype is ECDSA (curves
is used instead), so the validation incorrectly blocked configurations
that set bits to ECDSA-typical sizes like 256 or 384.

Drop the minimum and clarify the description so the field's role
across both key types is unambiguous.
diff --git a/models/acme_provider.go b/models/acme_provider.go
diff --git a/specification/build/haproxy_spec.yaml b/specification/build/haproxy_spec.yaml
@@ -11915,8 +11915,7 @@ definitions:
           type: string
         description: List of variables passed to the dns-01 provider (typically API keys)
       bits:
-        description: Number of bits to generate an RSA certificate
-        minimum: 1024
+        description: Number of bits used when generating an RSA certificate. Ignored when keytype is ECDSA (curves is used instead).
         type: integer
         x-nullable: true
         x-omitempty: true
diff --git a/specification/models/configuration/acme.yaml b/specification/models/configuration/acme.yaml
@@ -23,8 +23,7 @@ acme:
         type: string
     bits:
       type: integer
-      description: Number of bits to generate an RSA certificate
-      minimum: 1024
+      description: Number of bits used when generating an RSA certificate. Ignored when keytype is ECDSA (curves is used instead).
       x-omitempty: true
       x-nullable: true
     challenge:
