I have two problems.
I successfully issued a certificate, but the ACME client used the wrong private key. What have I done wrong here?
2015-10-22 19:35:57,830:DEBUG:letsencrypt.cli:Arguments: ['--agree-dev-preview', '--key-path', '/tmp/DOMAIN1.key', '--server', 'https://acme-v01.api.letsencrypt.org/directory', '--agree-tos', '-d', 'DOMAIN1.de', '-d', 'www.DOMAIN1.de', '-d', 'DOMAIN2', '-d', 'www.DOMAIN2', 'auth']
But the private key is different. It should be:
/tmp# openssl rsa -in DOMAIN1.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64
writing RSA key
OScZJ5fDgNuqNqo+xHrDKxVJokWioxTiDFT5gstFios=
The private key the client saved in the live folder is a different key:
/etc/letsencrypt/live/DOMAIN1# openssl rsa -in privkey.pem -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64
writing RSA key
fUKt6ELVayGZqyZnI6EZFVL+WfImEwW1v++HJdrRZk4=
I use HPKP, and with this my site won’t work. And why do I have to whitelist any subdomains? I tried git. and cdn. and got the error that the domain isn’t whitelisted.
I tried the staging site to test the client and couldn’t get it to verify the challenges, but my IP was not blocked. But on the live API my IP and the whole /29 inetnum are blocked.
The Account id is 80d0aabb72ed307595e8a00b3f93a266
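
Added example, not part of the original post and not Let's Encrypt client code: a pre-deployment check that compares the HPKP pin (base64 SHA-256 of the SubjectPublicKeyInfo) of a private key with the pin of the issued certificate, so a key mismatch like the one above is caught before the certificate goes live. The function names are hypothetical, and `openssl pkey` is used instead of `openssl rsa` so EC keys work too.

```shell
#!/bin/sh
# Added example: verify that an issued certificate carries the public key
# that is pinned via HPKP. Function names are hypothetical.

# Read a PEM public key on stdin, print its HPKP pin (base64 SHA-256 of SPKI DER).
pin_from_pubkey_pem() {
    openssl pkey -pubin -outform der 2>/dev/null |
        openssl dgst -sha256 -binary | openssl enc -base64
}

# Pin of the public key that belongs to a private key file (RSA or EC).
# Fails instead of hashing empty input when the key cannot be read.
spki_pin_key() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | pin_from_pubkey_pem
}

# Pin of the public key embedded in a PEM certificate.
spki_pin_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | pin_from_pubkey_pem
}

# Exit 0: certificate matches key. Exit 1: mismatch. Exit 2: unreadable input.
pins_match() {
    key_pin=$(spki_pin_key "$1") || return 2
    cert_pin=$(spki_pin_cert "$2") || return 2
    [ "$key_pin" = "$cert_pin" ]
}

# Usage: ./check-pin.sh <private-key.pem> <certificate.pem>
if [ "$#" -eq 2 ]; then
    if pins_match "$1" "$2"; then
        echo "OK: certificate uses the pinned key ($(spki_pin_key "$1"))"
    else
        echo "MISMATCH or unreadable input: do not deploy with this HPKP pin" >&2
        exit 1
    fi
fi
```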