Getting a RSA privkey from the letsencrypt generated pem

My domain is:

I ran this command:
certbot certonly --manual and sudo openssl rsa -in privkey.pem -out privkey.pem.rsa.key

It produced this output: 4664702464:error:0607907F:digital envelope routines:EVP_PKEY_get0_RSA:expecting an rsa key:crypto/evp/p_lib.c:474:

Hi first time using letsencrypt, and basically doing ssl on my own. I was able to generate and create certificates for a micro service for a server instance I could ssh into. However, I need to create a cert for a Aliyun OSS bucket. I went through the process but the privkey.pem is invalid as it appears it needs to be RSA. I search the internet for solutions and many have said openssl would be able to convert my privkey, but I received the error above.

I am stumped right now. Is it possible for certbot to produce privkey already in RSA format? Anyone have experience with this error? I am running openssl 1.1.1 on OSX 12.6.

Hi @adamatronix, and welcome to the LE community forum :slight_smile:

The private key is (normally) RSA by default.
If you can show the public cert.pem file, we can confirm which type it is.
Also, maybe showing the error message shown by the Aliyun OSS bucket may be helpful too.


@adamatronix What version of certbot is being used?

@rg305 didn’t the latest version switch default key formats?


Thus the "(normally)" in my post and also from visually reviewing [where I saw only rsa 2048 certs having been issued for "mailserver"].


Yes, Certbot 2.0.0 defaults to ECDSA. Although I concur with Rudy here: all certs on from in 2022 were RSA certs.

@adamatronix I'm not sure what your OpenSSL command would achieve. The input is already a private key and the output is also a private key? A rename or copy action would be the same I think :roll_eyes:


I am using certbot 2.0.0

1 Like

This first screen is where I enter the cert and key content. I notice that the prompt says "BEGIN (RSA|EC) PRIVATE KEY" which the key file I have does not have either RSA or EC. Could that be an issue?

Lastly the error message I received says "Use the PEM format to encode the public and private keys". That's it. Not sure if this means anything to you guys.

@Osiris so you confirmed my certs are rsa? Should I still post my cert.pem file?

I should note I copy and pasted my key and cert since the letsencrypt files were aliases.

@Osiris is confirming your already issued certs use an RSA key (see |

Any new keys generated by Certbot, as you now use Certbot 2.0, will be EC keys. You can specify RSA with a commandline flag.

Running the OpenSSL commands for a RSA key on a EC key would likely result in an empty or malformed file, if anyone was generated at all. You should not need to run any OpenSSL conversions on the keys generated by Certbot to use that control panel.


What is the first line of the key? Does it even start with "BEGIN" (with some dashes in front of it)? Note that you should never post the actual contents of the private key! But the first and last line should be humen readable non-secret stuff.


Yeah, this might be a PKCS1 vs PKCS8 issue. Certbot outputs the key as PKCS8, but the app is expecting PKCS1?

You can convert an RSA key from PKCS8 to PKCS1 using the following openssl command:

openssl rsa -in privkey.pem -out privkey.pkcs1.pem

my key starts with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----

I tried your command @rmbolger and got:
4728321536:error:0607907F:digital envelope routines:EVP_PKEY_get0_RSA:expecting an rsa key:crypto/evp/p_lib.c:474:

I found some documentation on their site:

Instructions say "Before you upload an RSA private key, run the openssl genrsa -out privateKey.pem 2048 command on your on-premises machine to generate a private key." I tried doing this, but it says my certificate and private key do not match.

That makes sense. The documentation falls short in their explanation. If you generate a random private key, you should use that same private key in the entire process.

But there is no good reason not to use the private key generated by Certbot. It's just very weird your OpenSSL doesn't work. I'm running OpenSSL 1.1.1 too and it can perfectly read the private keys generated by Certbot.

It's still possible you're dealing with an ECDSA certificate. How many lines does the private key have? Just a few like 5 or 6? Or like 20-30?


Yeah, I'm guessing that what happened is certbot got upgraded to version 2, and how whatever manual process they're using is working means that certbot is seeing it a new certificate each time (so not keeping the key type from last time), so now that certbot is using ECDSA keys by default their process doesn't work anymore.

So just adding --key-type rsa to the command they're using to generate the key with certbot should be all that's needed.

(Though really all that's needed is fixing whatever broken manual process only works with RSA keys…)


Clarifying what others shared above:

This workflow is used to generate a new unique private key. It is only utilized if you are providing Certbot, or another ACME client, with a pre-generated private key to use for the Certificate Signing Request (csr) — and eventually be used in the Certificate. Certbot, and most clients, will generate their own private key by default.

A Certificate is cryptographically bound to the Private Key used to generate its CSR, and can only be used with that key. No key generated after obtaining a Certificate can be compatible with it. If you want to generate your own private key, you must do so before running Certbot (or any ACME client) and you must instruct that client to use your pre-generated key.

  • I think certbot accepts pregenerated keys, I am not sure.
    ** anything is possible, but the odds of randomly generating the same key used to obtain a Certificate are astronomically improbable.

@petercooperjr Certbot would ask if it changes the key type:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
An RSA certificate named keytypetest already exists. Do you want to update its
key type to ECDSA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(U)pdate key type/(K)eep existing key type: 

Maybe OP pressed "U"?

Pressing "K" results in a RSA key, so no bug in Certbot there.


Certbot will prompt you to change the key type only if the certificate already exists (i.e. you are creating a new certificate of the same name).

If it is a new certificate, Certbot will silently default to ECDSA. If this isn't suitable for your workflow, use --key-type rsa.


Thanks for all the help. I will run through the certbot generation process again. Will try to use the flag --key-type rsa. Also I am doing "certbot certonly --manual" should I be something else?

Yes the private key generated by certbot is only 5-6 lines.

1 Like

Ok adding the key-type rsa flag allowed me to upload the certificate properly. It seems to be working.

1 Like

Yes, if you plan on automating the renewals.