How to get the private key modulus

I'm having trouble to upload a new certificate to a hosting provider as it gets rejected as according to them the modulus of the cert and private key don't match. I created this certificate with certbot 2.1.0 on ubuntu 20.4 (WSL). I'm trying to figure out why this happens and I can get the modulus from the chain.pem

# openssl x509 -noout -modulus -in chain.pem
Modulus=BB [...] 8BDB15 

But I cannot get the modulus from the private key

# openssl rsa -noout -check -in privkey.pem
Not an RSA key

Could it be that the private key is not an RSA key?

Yes, the default certificate key type in Certbot 2.0.0 changed from RSA 2048-bits to ECDSA secp256r1.

If you have a requirement to use RSA, you can re-issue the certificate with --key-type rsa.


Thanks a lot! I had the feeling this was the case, but I couldn't find it in the docs.

Thanks again!!!


For future reference:


certbot --help all
  --key-type {rsa,ecdsa}
                        Type of generated private key. Only *ONE* per invocation can be provided at this time.
                        (default: ecdsa)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.