I was able to create Let’s Encrypt SSL for a few domains right now, mainly using a plugin for ISPConfig with executes LetsEncrypt official client.
But I always need to try generating SSL a lot of times, because apache crashes in “emergency error”, with
X509_check_private_key:key values mismatch. Looking at MD5 hashes I can see they don’t match.
openssl x509 -noout -modulus -in certificate.crt | openssl md5 openssl rsa -noout -modulus -in privateKey.key | openssl md5
After trying more times I can get certificates eventually with same key values, or I get blocked by Let’s Encrypt limits.
To try again I removed
/etc/letsencrypt/live|archive|renewal/[domain], I don’t know if this is the right procedure since I don’t have a valid key pair.
key values mismatch can prevent Apache from restart, It will be a good precaution to implement this validation if its is already doing that.
At least for me, I never got a valid key pair in the first attempt using the mentioned plugin.