Domain.key and private.key difference

I used to issue certificate from
But I am getting error as :- “Error: Account contact update failed. Please start back at Step 1. { “type”: “urn:ietf:params:acme:error:invalidEmail”, “detail”: “Unable to update account :: contact email “xxxxxx@yyy” has invalid domain : Domain name is an ICANN TLD”, “status”: 400 }”
So we communicated with our network team. They asked us to change the website we use to issue free certificate.
So then I have issued certificate from
I am a naive user regarding all this web-server and certificate issuing task.
When I issued the certificate from I got 3 things: private.key, ca_bundle and certificate.crt.
Whereas in I used to get domain.crt and intermediate.pem.
So here comes my main concern: previously I used to copy domain.crt, domain.key and intermediate.pem to a specific location to be read by Apache. But this time on I did not get domain.key, so I really don’t know from where to get it.
So please guide me in this case. But I did one trick: I renamed private.key to domain.key, so also tell me whether it will work or not.

Hi @sanketr27

certificate.crt -> domain.crt

intermediate = ca_bundle - should contain the certificate.crt and the Let’s Encrypt intermediate certificate.

Check the content of these files; these are simple text files.


Yes, I did that.
I have followed the instructions given on that website to create intermediate.pem from ca_bundle. I also figured out that certificate.crt is domain.crt.
But I want to know what exactly domain.key is.
I have renamed private.key as domain.key, but it was a blind shot. I really don’t know whether it will work or not, and what change it does make.

Check the content. May be the private key (so don’t share it). The first line has the information.


I have checked it now. It contains random alphabets in upper and lower case and some numbers also.



If these two lines are missing: Try to add these - at the start and the end.

PS: The other files should contain


These two lines are present there.
But the text present in between these lines is not readable. I mean to say it is a combination of upper and lower case letters with numbers, which does not form any readable sentence or word.


Expected, that’s base64 of the private key.

So please tell me how I am supposed to get information from that.
I mean, you have told me to check the private.key content to see the information within it.

You have all you need. So use it. Private key, public key, intermediate certificate.

Ok sir.
I only want to be sure that renaming private.key as the domain.key won’t make any trouble in secure site search.
Because I really don’t know what domain.key or private.key does.
And in my configuration files the path for domain.key is specified. So I did it accordingly.
Sorry, maybe I am asking a stupid question.
But please only make me clearly understand it.
I have Red Hat 7 and Apache 2.4 on my webserver.
And by default in the ssl.conf file there were 3 files: domain.crt, domain.key and intermediate.pem, among which domain.key and intermediate.pem I obtained. And to fulfill the domain.key requirement I have renamed private.key as domain.key.

Hi @sanketr27, welcome to the community forum :wave:

That error is caused by using an invalid email address as your ACME account contact. E.g. something like cpu@com. Rather than change from using to as your IT team recommended you might want to try checking whether you gave the wrong contact email address.


The file names are completely irrelevant.

Looks like different online tools (I’ve never used these) create different file names.

I think, that’s correct. But I don’t use such a system, so try it or check the documentation of that environment. If it’s wrong, it will not work :wink:
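The check discussed in the replies above, as an added example that is not part of the original thread or any poster's own code: it classifies a PEM file by its first `-----BEGIN ...-----` line rather than by its file name, and confirms that a private key and a certificate carry the same public key. The function names are hypothetical; it assumes `openssl` is installed and the key is not passphrase-protected.

```shell
#!/bin/sh
# Added example: file names (private.key, domain.key, certificate.crt) do not
# matter; the PEM label and the key/certificate pairing do.

# Print the label from the first "-----BEGIN <label>-----" line of a file.
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Classify a PEM file by that label, whatever the file is called.
pem_kind() {
    case "$(pem_label "$1")" in
        "PRIVATE KEY"|"RSA PRIVATE KEY"|"EC PRIVATE KEY") echo private-key ;;
        "ENCRYPTED PRIVATE KEY") echo encrypted-private-key ;;
        "CERTIFICATE") echo certificate ;;
        "CERTIFICATE REQUEST") echo csr ;;
        *) echo unknown ;;
    esac
}

# Return 0 only if key ($1) and certificate ($2) hold the same public key.
# Return 2 if openssl cannot parse one of them, 1 on a mismatch.
key_matches_cert() {
    kmc_key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    kmc_cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kmc_key_pub" ] && [ "$kmc_key_pub" = "$kmc_cert_pub" ]
}

# Usage: sh check_pair.sh private.key certificate.crt
# Only file kinds and the match result are printed, never key material.
if [ "$#" -eq 2 ]; then
    echo "$1: $(pem_kind "$1")"
    echo "$2: $(pem_kind "$2")"
    if key_matches_cert "$1" "$2"; then
        echo "key and certificate match"
    else
        echo "key and certificate do NOT match" >&2
        exit 1
    fi
fi
```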


No, I am sure about the email address given.
I am using the same email address every time.


Perhaps you could consider opening a bug report with the GetHTTPSForFree developers in this case. The error you shared could only occur if the contact email provided to the tool was malformed, or if the tool somehow malformed it before sending it to Let’s Encrypt in a new account request.

