My Privkey seems small

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: certbot certonly

It produced this output: all ok

My web server is (include version): ICECAST media server

The operating system my web server runs on is (include version): Windows2012

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes Administrator

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.6.0

I have Certbot on 3 Windows servers for use with Icecast. But the privkey file returned is 241 bytes. On my other servers it is more like 2 or 3K. Full and priv concatenated together should be about 8K and I have only 6K, so it looks like my PRIV is too small. I have renewed, but same size. How can I fix this?


Very likely on the other server the key type is RSA and on this server the key is of the ECDSA kind. They have a big difference in size.


I have installed certbot in the same way, so how can I swap to RSA? PEM files are needed.

Thanks for the help.



Just to try to explain a bit more, there are two common methods of cryptography: RSA and ECDSA. RSA is much older and is supported everywhere. ECDSA is newer, smaller (and thus often faster), and is supported almost (but not quite) everywhere.

Certbot 2 defaults to making ECDSA keys, because that's what most people should be using now.

There's nothing broken that you've described.

Pass --key-type rsa to certbot. But only do this if you actually need to support RSA systems. Almost everything should handle ECDSA now, unless it's really old.


The default key type changed from RSA to ECDSA with the version upgrade. PEM is just the encoding, the format in which the key is stored.
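
Added example (not part of the original thread and not Certbot's own code): a standard-library Python check that reports whether a PEM private key is RSA or EC by reading the algorithm OID in its PKCS#8 header, so a small `privkey.pem` can be confirmed as an ECDSA key rather than a truncated file. The function names are assumptions of this example, and both samples are constructed with zero-filled placeholder key material; the EC sample has the P-256 layout and comes out at 241 bytes, the RSA sample is sized roughly like a 2048-bit key.

```python
import base64
import re

# DER content bytes of the algorithm OIDs found in a PKCS#8 AlgorithmIdentifier
ALG_OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",  # rsaEncryption
    bytes.fromhex("2a8648ce3d0201"): "EC",       # id-ecPublicKey (ECDSA keys)
}
PEM_RE = re.compile(r"-----BEGIN (RSA |EC )?PRIVATE KEY-----(.*?)-----END (?:RSA |EC )?PRIVATE KEY-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def pem_key_type(pem_text):
    """Return 'RSA', 'EC' or 'unknown' for a PEM private key."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM private key block found")
    if m.group(1):  # traditional header names the algorithm itself
        return m.group(1).strip()
    der = base64.b64decode(m.group(2))
    _, body, _ = _tlv(der, 0)    # outer PrivateKeyInfo SEQUENCE
    _, _, pos = _tlv(body, 0)    # version INTEGER
    _, alg, _ = _tlv(body, pos)  # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = _tlv(alg, 0)   # algorithm OID
    return ALG_OIDS.get(oid, "unknown") if tag == 0x06 else "unknown"

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PRIVATE KEY-----\n{body}\n-----END PRIVATE KEY-----\n"

# Constructed samples: PKCS#8 layout, zero-filled placeholder key material (not usable keys)
EC_SAMPLE = to_pem(bytes.fromhex(
    "308187020100301306072a8648ce3d020106082a8648ce3d030107046d306b0201010420")
    + bytes(32) + bytes.fromhex("a144034200") + bytes(65))
_rsa_inner = (bytes.fromhex("020100300d06092a864886f70d0101010500")
              + b"\x04\x82" + (1190).to_bytes(2, "big") + bytes(1190))
RSA_SAMPLE = to_pem(b"\x30\x82" + len(_rsa_inner).to_bytes(2, "big") + _rsa_inner)

if __name__ == "__main__":
    for name, pem in (("EC_SAMPLE", EC_SAMPLE), ("RSA_SAMPLE", RSA_SAMPLE)):
        print(name, pem_key_type(pem), len(pem), "bytes")
```

To check a real file, pass its text to `pem_key_type()`; the function only reads the header fields and never prints key material.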



Thanks Peter, worked as it should.


