How can I generate a certificate with a 2048 bit private key?

I have a free host from my website and it seems that it allows ssl certificates but as I have seen the key must be 2048 bits as I can generate a certificate like this??

Hi @colcrt,

What kind of hosting environment is this? What kind of interface do you use to administer your hosting account? Do they offer a control panel or other interface that might already have Let’s Encrypt integration, or just a way of importing certificates that you obtain elsewhere?

hi, @schoen if the host have cpanel this ->

With a host with cPanel, you should be able to use the AutoSSL feature in cPanel and ask the host to enable it if it’s not enabled. This feature offers built-in Let’s Encrypt support from within cPanel.

is a free host, for various reasons they do not, so I was wondering if it is possible to create a 2048 bit certificate and key

Sure, you can use any third-party software to do that:

You’ll need to recreate the certificate at least every 90 days.

The easiest option may be web-based clients, like

I already tried zerossl but could not generate a 2048 bit key

I think ZeroSSL defaults to a 4096-bit key. Is there a particular reason this won’t work for you? Usually the concern is going lower than required, not higher. You can overcome this by using your own CSR instead of letting it generate one for you, of course.

hi @jared.m what happens is that the cpanel (free host) only allows you to upload keys of 2048 bits; how could generate a csr and key of 2048 bits valid for zerossl?

Hm, given how you’re using this that might be a bit tricky. The “correct” way would be to use openssl or an equivalent tool, but I suspect that you don’t have shell access given how you’re issuing this certificate in the first place. Windows also has the ability to do this, but it’s not at all simple to get the key into a usable form through Windows.

I think your best bet would be to use an online generator. I don’t know of any off the top of my head, but this one looks pretty decent:

It lets you use an existing certificate to help fill out the fields as well, in case you’re worried about how to fill them out. (You could import a certificate made already with s 4096-bit key, for instance.)

There’s also one at

The best thing to do would be to generate the CSR in CPanel itself:

This way the key doesn’t leave your server and you know CPanel will be happy with it.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.