I created a certificate using https://zerossl.com/free-ssl/#crt. I was able to validate and create certificate perfectly. Now I am importing this certificate into godaddy account using SSL manager but I am stuck because it is asking me for private key. I tried account.key provided by https://zerossl.com/free-ssl/#crt that did not work. I created one private key using key manager that even did not work. Says does not match. Now what should I do? I need domain key without that it is not proceeding.
Please note that if a key or a CSR has been generated, then clicking "Next" will not let you move to the next screen until you either download or copy newly created key/CSR
Did you get prompted and save the private key when you generated the key / csr / cert ?
If not I suggest contacting zerossl ( although perhaps @leader may be able to help )
@rajanrawal, the account key and domain key are separate and distinct keys. The ZeroSSL process should have prompted you to save both of them; do you remember if that’s the case and whether you have both files?
If you don’t, there is nothing you can do with that certificate at this point; it would be a bug in ZeroSSL or a mistake in how you used it.
There are actually 3 keys in play for an issuance of a SSL Certificate
A) Your account key. This is what you use to authenticate against Lets Encrypt
B) A CSR key. You don’t see this or need this as ZeroSSL takes care of that
C) A Private Key for the domain
D This can be easy to miss sometimes so when the certificate is issued you should have downloaded two files
A) If you still have the CSR and your Account Key (A) paste both into ZeroSSL and I am not sure on the internals but I believe lets encrypt will let you re-download the Domain Key (there may be a timeout period)
B) Revoke the certificate and then reissue it again for the domain. You can’t revoke using ZeroSSL but you will be able to reissue the certificate that way. You will need your account key to revoke the certificate and create a new request.
In fact they only asks for domain or CSR. If you provide only CSR they are ready to go for next step. They for key they if you have letsencrypt key otherwise leave it blank. if we leave it blank then their create one for us.
As it was said above, there are more than one key. It is likely that there is a confusion between those, so let me elaborate a bit:
On the first step (the “Details” screen) the key is the LE account one.
On the last step, if you had CSR generated for you on the “Details” screen, there will be a certificate and a domain key to use with that certificate - this is what you need to use while installing/importing the certificate on your server.
Now it is important to remember that if you are using the CSR made earlier or created by other means, the “Certificate” screen will only show the certificate itself but not the domain key, because this is what you have already from earlier or from your own process of CSR generation.
If you have not downloaded the domain key on the last step or if you misplaced it, the easiest way to recover from this is to redo the process using the same LE key as you used originally but let new CSR to be generated. Since you have verified the domain already, you will be taken straight to the “Certificate” screen with both the certificate and the domain key (please note that it will be updated certificate, so download it too).