How to get openssl rsa private key out of private_key.json

How to get a openssl genrsa compatible key out of the private_key.json which the official letsencrypt client creates (i.e., for using in e.g. )?


Use existing Let’s Encrypt key
Alternatively you can convert your key, previously generated by the original Let’s Encrypt client.
The private account key from the Let’s Encrypt client is saved in the JWK format. acme-tiny is using the PEM key format. To convert the key, you can use the tool conversion script by JonLundy:

Download the script
wget -O - “” >

Copy your private key to your working directory
cp /etc/letsencrypt/accounts/ private_key.json

Create a DER encoded private key
openssl asn1parse -noout -out private_key.der -genconf <(python private_key.json)

Convert to PEM
openssl rsa -in private_key.der -inform der > account.key

Have you followed those steps?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.