Generated pem files but cPanel Private Key (KEY) says "Invalid"

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:wacs.exe --renew --baseuri ""

It produced this output: 4 files:

The is as follows but CPanel "Private Key (KEY)" section says "The key is invalid" in the " Install an SSL Website" section:

[partial private key removed by moderator]

My web server is (include version): Apache 2.4.54

The operating system my web server runs on is (include version):linux (?? version)

My hosting provider, if applicable, is: Tsohost

I can login to a root shell on my machine (yes or no, or I don't know):IDK

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): CPanel 102.0 (build 24)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
A simple Windows ACMEv2 client (WACS)
Software version (release, pluggable, standalone, 64-bit)

1 Like

I removed the key as even a partial private key leak can compromise your security, but it looked like a normal PEM encoded RSA key to me, dunno why cpanel would reject it...


Please show the dates of these files:


You could just use CertSage to save yourself a lot of headache. :slightly_smiling_face:


what file you used as certficificate? Id try -crt file as test, while it would be result site not provide intermediate certficiate but would bypass problem if cpanel and win-acme uses different cert order in chain file.
@WouterTinus : a user of your client insist cpanel refused keyfile as invalid
not sure he's still watching this forum(last active this forum but he's still active on client repo.
client repository:


I can imagine one of two things going on:

  • win-acme used a slightly odd 3072 bit key size, you could try changing that to 2048 or 4096 bit.
  • win-acme offers users the option to protect the private key PEM with a passphrase, which some but not many certificate consuming applications support. If that option was used it should definitely be tried without.

Hi All,

OP here. I'd like to thank all the generous people who have taken the care and time to reply to my (newbie) question. Much appreciated, thank you.

I have now used Certsage.php to resolve my issue. Certsage.php is absolutely wonderful! Compared to win-acme (and no disrespect to win-acme) it is so incredibly simple to use. Makes a complex thing so simple, even I can use it!

Thanks again.




Makes my heart sing to read your post!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.