Certbot trying to change certificates and complaining

My domain is: sunset-pines.com

I ran this command: sudo certbot certonly --manual --preferred-challenges dns -d www.sunset-pines.com -d sunset-pines.com

It produced this output:
Are you trying to change the key type of the certificate named sunset-pines.com from ECDSA to RSA? Please provide both --cert-name and --key-type on the command line to confirm the change you are trying to make.

My web server is (include version): httpd-2.4.37-65.module+el8.10.0+22756+938009b1.3.x86_64

The operating system my web server runs on is (include version): RHEL 8.10

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.22.0

I've always used the same command to renew the certificate for this domain. This time, it's asking me if I'm trying to change the keytype from ECDSA to RSA. I'm not trying to change anything, just renew. No idea what changed.

Weren't you using the snap install? You should be on V3.x with that.

It is odd to see a warning about switching from ECDSA to RSA. Usually it is other way around.

My guess is it has something to do with downgrading your version. I think it was Certbot 2.x that changed the default to ECDSA from RSA.

I'd done dnf install certbot. Found the install instructions and followed that. Now I get:

[joliver@leaf ~]$ sudo snap install --classic certbot
error: cannot communicate with server: Post "http://localhost/v2/snaps/certbot": dial unix /run/snapd.socket: connect: connection refused

I'm guessing another SELinux issue? Why is this suddenly so problematic? I've had and used certbot for quite some time now, but now I get nothing but trouble.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.