At the moment, I’m trying to set up an SSL connection with a certbot-generated certificate.
The problem is that uWSGI doesn’t seem to recognize the generated private key (privkey.pem).
I tried manually generating a certificate using OpenSSL and it runs all right, even though whatever client tries to access it would mind the unverified credential.
I noticed that while the key I generated manually has “RSA PRIVATE KEY” in its header, the one generated by certbot only has “PRIVATE KEY”.
How can I make this work?
I’m running an up-to-date Debian 10 system. Once again, the web server is on a standalone uWSGI instance, running a Python3 Flask application.
Did you intentionally remove your domain name, or is that what it really said?
Can you also answer the question about read access? Can the user actually read the private key?
head -n 1 /etc/letsencrypt/live/$DOMAIN/privkey.pem
You should be using /etc/letsencrypt/live/ instead of archive. One of the potential ways that using archive can go bad is that the private key can get mismatched with the wrong certificate, which would produce the error you have.
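Added example, not part of any post in this thread: a shell script for the three checks discussed above (read access, the PEM header, and whether privkey.pem matches the certificate next to it). The function names are made up for illustration; it assumes the openssl command-line tool is installed and that the directory uses certbot's file names fullchain.pem and privkey.pem.

```shell
#!/bin/sh
# Added example: sanity checks for a certbot key/cert pair before handing it to uWSGI.
# Function names are hypothetical; requires the openssl CLI.

# Name the encoding of a private key, judged from its PEM header line.
key_format() {
    case "$(head -n 1 "$1")" in
        "-----BEGIN RSA PRIVATE KEY-----")       echo "PKCS#1 (RSA)" ;;
        "-----BEGIN PRIVATE KEY-----")           echo "PKCS#8" ;;
        "-----BEGIN EC PRIVATE KEY-----")        echo "SEC1 (EC)" ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "PKCS#8 (encrypted)" ;;
        *)                                       echo "unknown" ;;
    esac
}

# Succeed only if the public key in the certificate ($1) equals the public
# key derived from the private key ($2). Returns 2 if either file cannot be parsed.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run all checks against one directory, e.g. /etc/letsencrypt/live/$DOMAIN
check_pair() {
    dir=$1
    if [ ! -r "$dir/privkey.pem" ]; then
        echo "privkey.pem is not readable by user $(id -un)"
        return 1
    fi
    echo "key format: $(key_format "$dir/privkey.pem")"
    # openssl x509 reads the first certificate in fullchain.pem, which is the leaf.
    if key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem"; then
        echo "private key matches certificate"
    else
        echo "private key does NOT match certificate (or a file failed to parse)"
        return 1
    fi
}

# When called with a directory argument, check it.
if [ $# -gt 0 ]; then
    check_pair "$1"
fi
```

Run it as the account the uWSGI process runs under, passing the live directory as the argument, so the read-access check reflects what uWSGI itself will see.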