I’ve managed to use the webroot method to generate the certificate chain with no issues. However, I have now hit a snag. I used Apache to allow the ACME verification to take place but the actual software in use on this server is a Windows application running under Mondo. It therefore needs a PVK, rather than PEM, format private key.
I thought that it would be simply a matter of converting the PEM to PVK, but the OpenSSL tool is telling me that I need to provide a pass-phrase. Does the key generated by LetsEncrypt really contain a pass-phrase?