This question is probably so mind-numbingly simple that no one has had to ask it… but… how exactly do I get the public key?
Most of the instructions I find online assume you’ve been sent the keys in an email. I’ve managed to follow half a dozen different step-by-step instructions to eventually, painstakingly, generate a private key, and can copy/paste it from the virtual console into the appropriate field (on Google App Engine), but it also needs a “PEM encoded X.509 public key certificate”.
Where the heck do I get this? Like, quite literally, what do I type into the virtual console? It says that it saved it at “/etc/letsencrypt/live/[REDACTED].com/fullchain.pem” but if I paste that (the real version) into the console it just says “access denied”.
I’ve searched here and Google but I may as well be searching for “how to drink water from a cup”, or something equally obvious which no one is talking about. :_(
The certificate (with the public key in it) is at “/etc/letsencrypt/live/[REDACTED].com/cert.pem”
The fullchain.pem you’re referring to also has the intermediate certificate embedded into it.
Yes that’s the file that I want to download, and I haven’t been able to find any instructions on how to do so. I only copy-and-pasted the private key from the virtual console output, which looks something like this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
You probably want to run:
sudo cat /etc/letsencrypt/live/[REDACTED].com/fullchain.pem
This will print out two certificates: The first one is your certificate and one is the “chain” or “intermediate.” The software you need to install it into will either accept both in a single field, or will expect them as two separate fields.
Woohoo thanks! It works! I got a green lock and everything!
I have a similar question regarding this public key thing. See the docs for auth0/node-jsonwebtoken, specifically sign() and verify().
sign() requests a private key and uses .key in the example. I have seen .pem supplied before. In the context of Let’s Encrypt, I assume this would be
verify() requests a public key. I have no idea what the heck this is within Let’s Encrypt.
That's a different thing than certificates. It's just a plain PKI process, kinda like GPG. You can easily make your public and private keys using OpenSSL for that purpose.