Found the certs/keys under data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/<mydomain>
While digging deeper I found out that the keys are much shorter than I am used to and use elliptic curve cryptography, which I haven’t heard of before. How do they differ from the usual RSA keys and are they as secure?
And whilst the keys are shorter than usual, the certs don't seem to be shortened - why is that the case?
RSA vs ECC is a big topic. In general, yes, ECC keys are “more secure”, but it’s all kinds of complicated math to explain why (it’s really more that it’s more efficient, not necessarily more secure; both are still quite secure). I recommend you do your own research on this topic; Google will explain better than I could on short notice. Here’s a relevant answer:
Certificates themselves just store a bunch of metadata like what site it’s for, how long it’s valid, who the certificate authority that signed it is, and ultimately, the public key portion of your key-pair (the key file has the private key, and you can calculate the public part from the private key with ECC; I don’t remember if that property holds as well with RSA, I’ve studied ECC more recently). Essentially the CA takes your CSR (certificate signing request) which contains your public key and the site you want to issue a cert for, etc, then digitally signs (bunch of math) using their super-secret private key. Anyone who knows the CA’s public key (which can be found in the root CA cert) can verify that they, and only they, signed your certificate to prove that it’s good.
All that’s to say, the only bit that changes in your certificate is the public key portion which is just one small part of the certificate. I’m pretty sure that ECC public keys are shorter, but you won’t notice the length difference as much because it’s part of all kinds of other data.
Probably my favourite cryptography videos in terms of explaining in simple terms are those from Computerphile:
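To make the size argument in the answer above concrete, here is an added example (not code from the thread, and not Caddy's own tooling) that uses the openssl CLI to build a throwaway CA, generate a P-256 key and an RSA-2048 key, derive each public key from its private key (this works for RSA too, since the private key file carries the modulus and public exponent), have the CA sign a CSR for each, and then measure how many DER bytes the public key accounts for inside the finished certificate. The CA name `Demo CA` and the domain `example.test` are constructed for the demo; it assumes `openssl` is on the PATH and writes everything to a temporary directory that is removed on exit.

```shell
#!/bin/sh
# Added example: compare an ECC (P-256) and an RSA-2048 key pair end to end,
# mirroring what an ACME client does for you. Assumes the openssl CLI exists.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# A throwaway CA, playing the role Let's Encrypt plays for Caddy (constructed for this demo).
make_ca() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ca.key" 2>/dev/null
  openssl req -x509 -new -key "$WORK/ca.key" -subj "/CN=Demo CA" -days 1 \
    -out "$WORK/ca.crt" 2>/dev/null
}

# Leaf private key: "ec" (P-256, the usual ACME default) or "rsa" (2048 bits).
make_key() {
  case "$1" in
    ec)  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ec.key" 2>/dev/null ;;
    rsa) openssl genrsa -out "$WORK/rsa.key" 2048 2>/dev/null ;;
  esac
}

# Derive the public key from the private key. Works for both algorithms:
# the private key file already contains the public parameters.
derive_pub() {
  openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub" 2>/dev/null
}

# The CSR carries the public key plus the requested name; the CA signs it
# with its own private key, producing the certificate.
issue_cert() {
  openssl req -new -key "$WORK/$1.key" -subj "/CN=example.test" \
    -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.crt" 2>/dev/null
}

# DER byte count of a private key, public key or certificate: $1 = key|pub|crt, $2 = ec|rsa
der_size() {
  case "$1" in
    key) openssl pkey -in "$WORK/$2.key" -outform DER 2>/dev/null | wc -c | tr -d ' ' ;;
    pub) openssl pkey -pubin -in "$WORK/$2.pub" -outform DER 2>/dev/null | wc -c | tr -d ' ' ;;
    crt) openssl x509 -in "$WORK/$2.crt" -outform DER 2>/dev/null | wc -c | tr -d ' ' ;;
  esac
}

# "yes" if the public key embedded in the certificate equals the one derived from the private key.
cert_pub_matches() {
  in_cert="$(openssl x509 -in "$WORK/$1.crt" -pubkey -noout 2>/dev/null)"
  derived="$(cat "$WORK/$1.pub")"
  if [ "$in_cert" = "$derived" ]; then echo yes; else echo no; fi
}

# "ok" if the CA's public key (from ca.crt) validates the signature on the leaf certificate.
verify_cert() {
  if openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

main() {
  make_ca
  for alg in ec rsa; do
    make_key "$alg"
    derive_pub "$alg"
    issue_cert "$alg"
    printf '%s: private key %s B, public key %s B, certificate %s B, key-in-cert=%s, chain=%s\n' \
      "$alg" "$(der_size key "$alg")" "$(der_size pub "$alg")" "$(der_size crt "$alg")" \
      "$(cert_pub_matches "$alg")" "$(verify_cert "$alg")"
  done
}
main
```

Both certificates come out of the same CA with the same subject, issuer, validity length and signature algorithm, so the size difference between the RSA and the EC certificate is (within a few bytes of ECDSA signature and serial-number variance) exactly the size difference between the two public keys; everything else in the certificate is the metadata the answer describes, which is why the EC certificate is nowhere near as small as the EC key.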