Problems installing ssl certificate to server

I run the command and supposedly get the .pem files (cert, chain, fullchain and privkey). When installing them in the domain admin panel, I get the following message:

"Error: Install SSL Let's Encrypt
The MODULUS of the certificate files (key and crt) do not match."

I don't know what the problem could be, and I would appreciate help in this regard.


My domain is: xperticia.com

I ran this command: sudo certbot certonly --manual --agree-tos -d xperticia.com -d '*.xperticia.com' --rsa-key-size 4096

It produced this output: fullchain.pem 5.3 Kb and privkey.pem 241 bytes

My web server is (include version):

The operating system my web server runs on is (include version): Linux 3.10.0-1160.62.1.el7.x86_64

My hosting provider, if applicable, is: Donweb.com

I can login to a root shell on my machine (yes or no, or I don't know): NO

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ferozo

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.3.0

1 Like

Since version 2.0, Certbot issues ECDSA certificates by default.

Based on the error message:

it sounds like your hosting platform does not support ECDSA certificates.

So, you will need to re-issue your certificate as an RSA certificate instead.

Take a look at this link.

7 Likes

You are asking for a wildcard certificate but with what seems like the HTTP-01 Challenge.
The DNS-01 Challenge is needed for a wildcard certificate.

You can read about Challenge Types - Let's Encrypt

1 Like

That can't be right!

Your privkey.pem file must be damaged.

Without showing it here:

view the file and ensure it begins with
"-----BEGIN RSA PRIVATE KEY-----"
and ends with:
"-----END RSA PRIVATE KEY-----"

4 Likes

Certainly not 🙂

But it looks like it was probably RSA vs ECDSA. A recent (RSA) wildcard cert is used now.

3 Likes

So, this got eaten from the request:

3 Likes

Good point. I wonder if that is ignored now without explicitly saying --key-type RSA?

I'm thinking that since the new default is ECDSA.

4 Likes

Thanks for the input, but I fixed the problem by reinstalling Certbot, with: sudo apt-get install certbot

2 Likes

I think you'll find that is a much older Certbot version whose default cert type was RSA. So, this is not so much a fix as a work-around. You would have been better off just adding --key-type RSA to your command as described by that link _az showed.

5 Likes

Modern Certbot will use PKCS#8 format, so you won't see the key type in the PEM header.

4 Likes
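The check the replies converge on (is the key RSA or ECDSA, and does it belong to the certificate), as an added example that is not part of any post in this thread. It assumes the `openssl` CLI is installed; the function names, the temporary files and the `example.test` subject are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report a private key's algorithm and check that it pairs
# with a certificate, without ever printing the private key.

# key_type KEYFILE -> "RSA", "EC" or "unknown". The algorithm is read from
# the key itself, so this works for PKCS#8 files whose header is only
# "-----BEGIN PRIVATE KEY-----".
key_type() {
    local pub
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null |
          openssl pkey -pubin -noout -text 2>/dev/null) || true
    case "$pub" in
        *[Mm]odulus*) echo RSA ;;      # RSA public keys list a modulus
        *"ASN1 OID"*) echo EC ;;       # named-curve EC keys list the curve
        *)            echo unknown ;;
    esac
}

# cert_matches_key CERT KEY -> exit 0 when both carry the same public key.
# Comparing the whole public key works for RSA and ECDSA alike; a modulus
# comparison only exists for RSA.
cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# make_samples DIR: constructed throwaway keys and self-signed certificates
# (example.test is a placeholder subject, not the poster's domain).
make_samples() {
    local k
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/rsa.key" 2>/dev/null
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1/ec.key" 2>/dev/null
    for k in rsa ec; do
        openssl req -x509 -new -key "$1/$k.key" -subj "/CN=example.test" \
            -days 1 -out "$1/$k.crt" 2>/dev/null
    done
}

dir=$(mktemp -d)
make_samples "$dir"
for k in rsa ec; do
    echo "$k.key: header '$(head -n 1 "$dir/$k.key")', type $(key_type "$dir/$k.key")"
done
cert_matches_key "$dir/ec.crt" "$dir/ec.key"  && echo "ec.crt + ec.key: match"
cert_matches_key "$dir/ec.crt" "$dir/rsa.key" || echo "ec.crt + rsa.key: MISMATCH"
rm -rf "$dir"
```

On real Certbot output the same two functions would be pointed at `fullchain.pem` and `privkey.pem`; `openssl x509` reads the first certificate in the file, which is the leaf.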
