Where can I found a private key?

eda66 · September 9, 2020, 5:11am

This subject is a 2nd part of trouble: https://community.letsencrypt.org/t/where-certificates/
I found certificate on local PC and did export but without private key and have no choise to change export with private key (it’s impossible by system). My hosting asking about this private (security) key for install it.
Where and how can I get a private key?
p.s. am I right that is a intermediate key? : https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt

schoen · September 9, 2020, 5:20am

Hi @eda66,

The best case for using Let's Encrypt with your site is for your hosting provider to add its own support for Let's Encrypt (including making new certificates). It will be inconvenient to use Let's Encrypt if you have to get the certificates yourself outside of the hosting provider's systems, because Let's Encrypt certificates are only valid for 90 days. So you would have to repeat this process every time before the certificate expires.

The hosting provider is making you do more work by requiring you to find and provide these files (both now and in the future).

That's called an intermediate certificate (rather than an intermediate key).

Why did you conclude that it was impossible to export it from your previous environment?

The point of the private key is that it can't be calculated or obtained except by the person who originally created it, and any computers or people with whom that person chose to share it (which constitutes proof that they are allowed to use the matching certificate). If you originally made this key, then only you or the computers where you installed it have copies; the copies don't exist anywhere else.

If you really can't export it from your old system, your certificate will be unusable with your new system, and you'll need to create a new certificate instead.

eda66 · September 9, 2020, 5:26am

win-acme didn’t ask me or gave me a choose to make/save private key and now I just can’t export it (see upload)

eda66 · September 9, 2020, 5:28am

Yes, my hoster said that: “The control panel allows you to install SSL certificates issued by any certification authority including self-signed ones. There is no way to use Let’s Encrypt software to automatically issue, reissue and install certificates.”

schoen · September 9, 2020, 5:40am

If you have a choice of web hosting providers, you could consider using one that does support Let's Encrypt in an automated way:

eda66 · September 9, 2020, 6:24am

If someone get a problems like me too.
Open file “settings.json” in folder “win-acme” and change “PrivateKeyExportable”: false, (on true,)
after that in “windows certificates center” do export and choose “with private key” and follow Next.
Saving PFX file on PC and do convert .pfx to .pem
Open .pem file in text redactor and see your certificate and private key now.

schoen · September 9, 2020, 6:44am

Thanks for sharing your solution, @eda66.

system · October 9, 2020, 6:44am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Let's Encrypt's Valid SSL Key Server	3	1356	September 9, 2016
Host only support imported Cert? Help	10	1128	June 20, 2020
My domain has got rate limit, and i don't save my certificate key, how can i find back my last key via let's encrypt api? Help	3	1023	November 18, 2016
Install Let's Encrypt with existing private key Server	11	8879	November 24, 2018
SSL Certificate RSA Private Key SSL CA Certificate (Trusted Authority / "CA Bundle") Help	3	3122	September 6, 2018

Where can I found a private key?

Related topics