Error adding cert, Invalid private key

I generated a cert (manual, cert-only) for my personal site hosted with Dreamhost. Generation was successful, however, when I tried to install it I got an error that said my private key was invalid. Just for the record, I also had to change the BEGIN and END lines, since DH’s setup looks for the phrase “-----BEGIN RSA PRIVATE KEY-----” and “-----END RSA PRIVATE KEY-----” and won’t accept a key that doesn’t have those phrases.

Anyone got LE to work on DreamHost? If so, how?

1 Like

Were there header and footer lines before? If so, what were they? How did you generate the key?

You need to convert your privkey.pem to RSA format. You can do that with openssl:

sudo openssl rsa -inform pem -in /etc/letsencrypt/live/www.example.com/privkey.pem -outform pem | less

The command will print (not store) your RSA key, which you can copy/paste into the DH panel.

2 Likes

Thanks!

That got it going. Now to set a reminder to renew it every 90 days!

Another gotcha for DreamHost users: the panel’s ‘Manual configuration’ area shows boxes for Certificate, Private Key, and Intermediate Certificate… but just pasting the converted-to-RSA privkey.pem into Private Key and fullchain.pem into Certificate makes browsers give “sec_error_unknown_issuer” type errors, because each box drops everything after the first -----END CERTIFICATE----- on save.

Pasting cert.pem into Certificate and chain.pem into Intermediate Certificate does work properly. Testing the newly secured domain at https://whatsmychaincert.com is a helpful sanity check — if the test fails and tells you you should be using what’s in chain.pem, you’ll know something wasn’t pasted correctly or the changes haven’t pushed yet.

1 Like

Thanks.

I’ve generally avoided doing the full chain file when I’ve used certs in the past because of issues like this…but it’s helpful info for others who might not realize what’s going on and wonder why it’s not working.

Thanks, this helped me on Media Temple as well. It kept giving me a key error, but they didn’t specify anywhere that they needed an RSA format pem file.