@rg305 Well, technically I can't create such a rsa key.
Thats based on all the nice exceptions in the old CertEnroll::CX509PrivateKey API, maybe even in crypt32.dll.
Of course it is possible to get such certificates signed by LE. But I simply can't create these god damn keys in the first place.
Just to be accurate 