The certbot defaults now to create EC key instead of RSA. If you cannot supplement the keytool to support EC keys, then still there is a way to tell certbot via the appropriate flag to generate RSA key.
3 Likes