I run the command, and supposedly I get the .pem files (cert, chain, fullchain and privkey). When installing them in the domain admin panel, I get the following message:
"Error: Install SSL Let's Encrypt
The MODULUS of the certificate files (key and crt) do not match."
I don't know what the problem could be, and I would appreciate help in this regard.
My domain is:
I ran this command: sudo certbot certonly --manual --agree-tos -d xperticia.com -d '*.xperticia.com' --rsa-key-size 4096
It produced this output: fullchain.pem 5.3 Kb and privkey.pem 241 bytes
My web server is (include version):
The operating system my web server runs on is (include version): Linux 3.10.0-1160.62.1.el7.x86_64
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): NO
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ferozo
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.3.0
Since version 2.0, Certbot issues ECDSA certificates by default.
Based on the error message:
it sounds like your hosting platform does not support ECDSA certificates.
So, you will need to re-issue your certificate as an RSA certificate instead.
Take a look at
You are asking for a wildcard certificate but with what seems like the HTTP-01 Challenge.
The DNS-01 Challenge is needed for a wildcard certificate.
You can read about
Challenge Types - Let's Encrypt
privkey.pem 241 bytes
That can't be right!
privkey.pem file must be damaged.
Without showing it here:
view the file and ensure it begins with
-----BEGIN RSA PRIVATE KEY-----
and ends with:
-----END RSA PRIVATE KEY-----
That can't be right!
But it looks like it was probably RSA vs ECDSA. A recent (RSA) wildcard cert is used now.
So, this got eaten from the request:
Good point. I wonder if that is ignored now without explicitly saying --key-type RSA?
I'm thinking so, since the new default is ECDSA.
Thanks for the input, but I fixed the problem by reinstalling Certbot, with:
sudo apt-get install certbot
I think you'll find that is a much older Certbot version whose default cert type was RSA. So, this is not so much a fix as a work-around. You would have been better off just adding --key-type RSA to your command as described by that link _az showed.
Modern Certbot will use PKCS#8 format, so you won't see the key type in the PEM header.
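Since a PKCS#8 "BEGIN PRIVATE KEY" header does not name the algorithm, the key type has to be read from the DER body. The following is an added example, not part of the original thread and not Certbot's own code: a standard-library Python check that reads the algorithm OID from the key file. The function names and the sample keys are constructed for illustration.

```python
import base64
import re

# DER contents of the algorithm OIDs for the two key types Certbot can generate.
OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",    # 1.2.840.113549.1.1.1 rsaEncryption
    bytes.fromhex("2a8648ce3d0201"): "ECDSA",      # 1.2.840.10045.2.1 id-ecPublicKey
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def key_type(pem_text):
    """Classify an unencrypted private key PEM as RSA or ECDSA."""
    m = re.search(r"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no private key PEM block found")
    label = m.group(1)
    if label == "RSA PRIVATE KEY":     # legacy PKCS#1: header names the type
        return "RSA"
    if label == "EC PRIVATE KEY":      # legacy SEC1: header names the type
        return "ECDSA"
    if label != "PRIVATE KEY":         # e.g. ENCRYPTED PRIVATE KEY
        raise ValueError("unsupported PEM label: " + label)
    # PKCS#8: SEQUENCE { version INTEGER, SEQUENCE { algorithm OID, ... }, ... }
    der = base64.b64decode(m.group(2))
    _, pos, _ = read_tlv(der, 0)       # enter outer SEQUENCE
    _, _, pos = read_tlv(der, pos)     # skip version
    _, pos, _ = read_tlv(der, pos)     # enter AlgorithmIdentifier
    _, start, end = read_tlv(der, pos) # algorithm OID
    return OIDS.get(der[start:end], "unknown")

def sample_pkcs8(oid):
    """Constructed PKCS#8 skeleton with a dummy 2-byte body; not a usable key."""
    alg = b"\x06" + bytes([len(oid)]) + oid
    body = b"\x02\x01\x00\x30" + bytes([len(alg)]) + alg + b"\x04\x02\x00\x00"
    der = b"\x30" + bytes([len(body)]) + body
    return ("-----BEGIN PRIVATE KEY-----\n" + base64.encodebytes(der).decode()
            + "-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for oid, name in OIDS.items():
        print(name, "->", key_type(sample_pkcs8(oid)))
```

To check a real file, call key_type(open("privkey.pem").read()) on the machine that holds the key, so the key never has to be pasted anywhere.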