From 0d1f9edf3fb57b901da0c2f21cd593b4f683e2ba Mon Sep 17 00:00:00 2001 From: Joe Bauser Date: Mon, 17 Nov 2025 15:24:40 -0500 Subject: [PATCH] README.md clarify keylength arg and ECC default Reorder and reword small portions of the keylength documentation and make the ECC cert default explicitly stated in part 2 to avoid confusion. Fixes #6590 --- README.md | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 6953cc71..05656044 100644 --- a/README.md +++ b/README.md @@ -208,6 +208,8 @@ The certs will be placed in `~/.acme.sh/example.com/` The certs will be renewed automatically every **60** days. +The certs will default to ECC certificates. + More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert @@ -359,27 +361,11 @@ Ok, it's done. **Please use dns api mode instead.** -# 10. Issue ECC certificates +# 10. Issue certificates of different key types and lengths (ECC or RSA) -Just set the `keylength` parameter with a prefix `ec-`. +Just set the `keylength` to a valid, supported, value. -For example: - -### Single domain ECC certificate - -```bash -acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256 -``` - -### SAN multi domain ECC certificate - -```bash -acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength ec-256 -``` - -Please look at the `keylength` parameter above. - -Valid values are: +Valid values for the `keylength` parameter are: 1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)** 2. **ec-384 (secp384r1, "ECDSA P-384")** 
@@ -388,6 +374,19 @@ Valid values are: 5. **3072 (RSA3072)** 6. **4096 (RSA4096)** +For example: + +### Single domain with ECDSA P-384 certificate + +```bash +acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-384 +``` + +### SAN multi domain with RSA4096 certificate + +```bash +acme.sh --issue -w /home/wwwroot/example.com -d example.com -d www.example.com --keylength 4096 +``` # 11. Issue Wildcard certificates
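Review bot: In the first README.md hunk (`@@ -208,6 +208,8 @@`), the added sentence "The certs will default to ECC certificates." does not say which key type is the default or how to choose another one. The list in section 10 already names `ec-256` as the default key type, so I'd suggest something like "The certs will default to ECC (`ec-256`) certificates; see section 10 to choose a different `keylength`." so a reader who wants RSA knows where to look.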
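Review bot: In the section 10 hunk (`@@ -359,27 +361,11 @@`), the new line "Just set the `keylength` to a valid, supported, value." has a stray comma after "supported" and drops the word "parameter" that the removed line carried. Suggest "Just set the `keylength` parameter to one of the supported values below." Separately, renaming the heading from "# 10. Issue ECC certificates" changes the anchor generated from it, so links that point at the old heading should be checked.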
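Review bot: In the last hunk (`@@ -388,6 +374,19 @@`), the added "For example:" now sits directly after the list of valid values, and both examples pass a non-default value (`--keylength ec-384` and `--keylength 4096`), so nothing in the examples shows the default case. A lead-in such as "For example, to issue with a non-default key type:" would read more clearly, and one sentence stating that omitting `--keylength` gives `ec-256` (as item 1 of the list says) would tie the examples back to the stated default.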