I'm having trouble to upload a new certificate to a hosting provider as it gets rejected as according to them the modulus of the cert and private key don't match. I created this certificate with certbot 2.1.0 on ubuntu 20.4 (WSL). I'm trying to figure out why this happens and I can get the modulus from the chain.pem
# openssl x509 -noout -modulus -in chain.pem
Modulus=BB [...] 8BDB15
But I cannot get the modulus from the private key
# openssl rsa -noout -check -in privkey.pem
Not an RSA key
Could it be that the private key is not an RSA key?
Yes, the default certificate key type in Certbot 2.0.0 changed from RSA 2048-bits to ECDSA secp256r1.
If you have a requirement to use RSA, you can re-issue the certificate with
Thanks a lot! I had the feeling this was the case, but I couldn't find it in the docs.
For future reference:
certbot --help all
Type of generated private key. Only *ONE* per invocation can be provided at this time.