How to get openssl rsa private key out of private_key.json


#1

How to get a openssl genrsa compatible key out of the private_key.json which the official letsencrypt client creates (i.e., for using in e.g. https://github.com/diafygi/acme-tiny/ )?


#2


shows:

Use existing Let’s Encrypt key
Alternatively you can convert your key, previously generated by the original Let’s Encrypt client.
The private account key from the Let’s Encrypt client is saved in the JWK format. acme-tiny is using the PEM key format. To convert the key, you can use the tool conversion script by JonLundy:

Download the script
wget -O - “https://gist.githubusercontent.com/JonLundy/f25c99ee0770e19dc595/raw/6035c1c8938fae85810de6aad1ecf6e2db663e26/conv.py” > conv.py

Copy your private key to your working directory
cp /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory//private_key.json private_key.json

Create a DER encoded private key
openssl asn1parse -noout -out private_key.der -genconf <(python conv.py private_key.json)

Convert to PEM
openssl rsa -in private_key.der -inform der > account.key


Have you followed those steps?