Generated pem files but cPanel Private Key (KEY) says "Invalid"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:dataperceptions.co.uk

I ran this command:wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/"

It produced this output: 4 files:
dataperceptions.co.uk-chain.pem
dataperceptions.co.uk-chain-only.pem
dataperceptions.co.uk-crt.pem
dataperceptions.co.uk-key.pem

The dataperceptions.co.uk-key.pem is as follows but CPanel "Private Key (KEY)" section says "The key is invalid" in the " Install an SSL Website" section:

[partial private key removed by moderator]

My web server is (include version): Apache 2.4.54

The operating system my web server runs on is (include version):linux (?? version)

My hosting provider, if applicable, is: Tsohost

I can login to a root shell on my machine (yes or no, or I don't know):IDK

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): CPanel 102.0 (build 24)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
A simple Windows ACMEv2 client (WACS)
Software version 2.1.23.1315 (release, pluggable, standalone, 64-bit)

1 Like

I removed the key as even a partial private key leak can compromise your security, but it looked like a normal PEM encoded RSA key to me, dunno why cpanel would reject it...

5 Likes

Please show the dates of these files:

3 Likes

You could just use CertSage to save yourself a lot of headache. :slightly_smiling_face:

4 Likes

what file you used as certficificate? Id try -crt file as test, while it would be result site not provide intermediate certficiate but would bypass problem if cpanel and win-acme uses different cert order in chain file.
@WouterTinus : a user of your client insist cpanel refused keyfile as invalid
not sure he's still watching this forum(last active this forum but he's still active on client repo.
client repository:

3 Likes

I can imagine one of two things going on:

  • win-acme used a slightly odd 3072 bit key size, you could try changing that to 2048 or 4096 bit.
  • win-acme offers users the option to protect the private key PEM with a passphrase, which some but not many certificate consuming applications support. If that option was used it should definitely be tried without.
3 Likes

Hi All,

OP here. I'd like to thank all the generous people who have taken the care and time to reply to my (newbie) question. Much appreciated, thank you.

I have now used Certsage.php to resolve my issue. Certsage.php is absolutely wonderful! Compared to win-acme (and no disrespect to win-acme) it is so incredibly simple to use. Makes a complex thing so simple, even I can use it!

Thanks again.

Pete

6 Likes

:partying_face:

Makes my heart sing to read your post!

7 Likes