
What is the rest of the context of the Golang code snippet in that link?



It's most likely to be Fly-specific, but you could replicate this behavior by passing an appropriate function to tls.Config#GetCertificate (https://golang.org/pkg/crypto/tls/#Config). You could then have something like this:

  // Field of a tls.Config literal; both helper functions are placeholders.
  GetCertificate: func(helloInfo *tls.ClientHelloInfo) (*tls.Certificate, error) {
  	return myGetCertificateImplementation(checkClientSupportForECDSA(helloInfo))
  },

You would see what curves/ciphersuites are supported by the client and check that against what you'd be supporting (if you use LE then that's more than likely going to be ECDSA with P-256). You would then return the ECDSA cert (if one exists) for supporting clients and fall back to RSA certs. :boom: :D
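
The selection logic described in the comment above, as an added example that is not part of the thread and is not Fly's code. The helper names `clientSupportsECDSA` and `pickCertificate` are hypothetical, the certificates in `main` are empty placeholders, and the server is assumed to have TLS 1.3 enabled.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// clientSupportsECDSA (hypothetical helper) is true only if the ClientHello offers P-256,
// an ECDSA P-256 signature scheme, and either TLS 1.3 or an ECDHE-ECDSA suite for TLS 1.2.
func clientSupportsECDSA(h *tls.ClientHelloInfo) bool {
	var curve, scheme, suite bool
	for _, c := range h.SupportedCurves {
		curve = curve || c == tls.CurveP256
	}
	for _, s := range h.SignatureSchemes {
		scheme = scheme || s == tls.ECDSAWithP256AndSHA256
	}
	for _, v := range h.SupportedVersions {
		suite = suite || v == tls.VersionTLS13 // assumption: the server enables TLS 1.3
	}
	for _, id := range h.CipherSuites {
		switch id {
		case tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:
			suite = true
		}
	}
	return curve && scheme && suite
}

// pickCertificate returns the ECDSA certificate to capable clients and falls
// back to RSA for everyone else, including clients that send no extensions.
func pickCertificate(h *tls.ClientHelloInfo, ecdsaCert, rsaCert *tls.Certificate) (*tls.Certificate, error) {
	if ecdsaCert != nil && clientSupportsECDSA(h) {
		return ecdsaCert, nil
	}
	if rsaCert == nil {
		return nil, fmt.Errorf("no certificate usable for this client")
	}
	return rsaCert, nil
}

func main() {
	ec, rsa := &tls.Certificate{}, &tls.Certificate{} // constructed placeholders, no key material
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
		return pickCertificate(h, ec, rsa)
	}}
	got, err := cfg.GetCertificate(&tls.ClientHelloInfo{}) // constructed hello with no extensions
	fmt.Println("bare ClientHello gets RSA:", got == rsa, err)
}
```

Since Go 1.14, `(*tls.ClientHelloInfo).SupportsCertificate` performs this compatibility check against a loaded certificate, so the hand-written test is mainly useful for seeing which ClientHello fields drive the decision.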


Thanks, cheers.



