How to get the private key modulus

leakyhuman · January 12, 2023, 8:44pm

I'm having trouble to upload a new certificate to a hosting provider as it gets rejected as according to them the modulus of the cert and private key don't match. I created this certificate with certbot 2.1.0 on ubuntu 20.4 (WSL). I'm trying to figure out why this happens and I can get the modulus from the chain.pem

# openssl x509 -noout -modulus -in chain.pem
Modulus=BB [...] 8BDB15

But I cannot get the modulus from the private key

# openssl rsa -noout -check -in privkey.pem
Not an RSA key

Could it be that the private key is not an RSA key?

_az · January 12, 2023, 8:48pm

Yes, the default certificate key type in Certbot 2.0.0 changed from RSA 2048-bits to ECDSA secp256r1.

If you have a requirement to use RSA, you can re-issue the certificate with --key-type rsa.

leakyhuman · January 12, 2023, 8:50pm

Thanks a lot! I had the feeling this was the case, but I couldn't find it in the docs.

Thanks again!!!

Osiris · January 12, 2023, 9:02pm

For future reference:

https://eff-certbot.readthedocs.io/en/stable/using.html#rsa-and-ecdsa-keys

And:

certbot --help all
(...)
  --key-type {rsa,ecdsa}
                        Type of generated private key. Only *ONE* per invocation can be provided at this time.
                        (default: ecdsa)
(...)

system · February 11, 2023, 9:02pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.