PrivKey Conversion Failed: "Not an RSA Key"

My domain is: https://radio.legendofdragoon.org

I ran this command: openssl rsa -in privkey.pem -out radio.legendofdragoon.org.key

It produced this output: Not an RSA key

My web server is Apache 2.4.58.

The operating system my web server runs on is Linux Ubuntu 24.04.4 LTS.

My hosting provider is Hostinger.

I can log in to a root shell on my machine: Yes.

I'm using a control panel to manage my site: No.

The version of my client is: Certbot 5.4.0.


Hi there! I'm thankful to have years of free SSL support from Let's Encrypt.

My goal is to follow instructions for installing Azuracast - a radio broadcasting service. I'm on this step where I must convert Certbot's provided privkey and chain into new files which Azuracast/Icecast can work with. However, while the chain is converted successfully, the privkey fails.

I cannot tell if this is an issue with Certbot or Azuracast('s docs). I have reported this in Azuracast discussion spaces, but felt I should inquire here just in case. I could not find prior threads on this specific failure.

Thanks in advance for any guidance. Happy to provide more info if needed.

Welcome to the Let's Encrypt Community.

Since certbot has used ECDSA keys by default for many years now, that sounds like a reasonable response from a command started with openssl rsa. If you really need an RSA key, you will need to instruct certbot to make and use one.

5 Likes

I'm not familiar with that product, but those instructions look to be for "Using a Custom Certificate". I think what you want to do is the built-in integration described earlier in the page that just handles everything automatically, instead of trying to add certbot for some reason.

4 Likes

@linkp Thanks for the quick reply. I didn't realize certbot could produce RSA keys natively! Perhaps that would solve the need for conversion - I'll give it a try and report back.

@petercooperjr I appreciate the intuition, but that solution would in fact be more laborious for my situation. I would've gone that route if I could. Thank you anyways!

2 Likes

You can't convert non-RSA keys to RSA anyway.

3 Likes

Basically this command would just copy privkey.pem to radio.legendofdragoon.org.key? Why are you doing that through openssl?

In general, it's better to avoid the legacy – and obviously RSA-specific – openssl rsa subcommand for key manipulations, and use the newer and algorithm-agnostic openssl pkey subcommand instead.

Edit: so it looks like Azuracast's docs are quite outdated, assuming certificates are always RSA...

3 Likes
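The behaviour described in the replies above, as an added example that is not part of the thread: a P-256 key generated on the spot stands in for Certbot's privkey.pem, and the function names `key_type` and `export_key` and all file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function and file names are hypothetical.

# Classify a PEM private key from openssl's algorithm-agnostic text dump.
# Prints: rsa, ec, other, or unreadable.
key_type() {
    case "$(openssl pkey -in "$1" -noout -text 2>/dev/null)" in
        "")            echo unreadable ;;  # missing file or not a private key
        *modulus:*)    echo rsa ;;         # only RSA keys print a modulus
        *"ASN1 OID:"*) echo ec ;;          # named-curve EC key (e.g. prime256v1)
        *)             echo other ;;       # Ed25519 and the like
    esac
}

# Copy a private key to a new PEM file regardless of algorithm.
# umask 077 keeps the copy readable by its owner only.
export_key() {
    ( umask 077 && openssl pkey -in "$1" -out "$2" )
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample input: an ECDSA P-256 key, the kind the thread says
    # Certbot creates by default.
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/privkey.pem" 2>/dev/null

    echo "key type: $(key_type "$dir/privkey.pem")"

    # The command from the question: it only accepts RSA keys.
    if openssl rsa -in "$dir/privkey.pem" -out "$dir/legacy.key" 2>/dev/null; then
        echo "openssl rsa:  accepted"
    else
        echo "openssl rsa:  rejected (not an RSA key)"
    fi

    # The algorithm-agnostic replacement.
    if export_key "$dir/privkey.pem" "$dir/site.key"; then
        echo "openssl pkey: wrote a $(key_type "$dir/site.key") key"
    fi
    rm -rf "$dir"
}

demo
```

`openssl pkey` only re-encodes the key; the output is still an EC key. If the consuming software truly requires RSA, the certificate has to be issued with an RSA key in the first place (Certbot has a `--key-type rsa` option for that).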

Well, the docs also say "Icecast expects an RSA private key", so it may be that the docs are accurate and the cryptographic system it uses is just outdated.

5 Likes

More likely that statement was added precisely due to the openssl rsa command in their procedure, and the error it gives when facing anything other than RSA. :wink:

2 Likes