let's encrypt > certbot > openssl certificate (2048 bit key issue)
I'm trying to generate a wildcard PFX certificate for my domain example.com with Let's Entrypt, then using certbot and finally converting .pem to pfx using OpenSSL. The problem is that it seems the final PFX file doesn't meet security browser requiements and the key doesn't have at least 2048 characters, but this is really strange as Certbot by default works at 2048 bits for RSA keys (already tried forcing to 4096 but I get the same result).
This is the procedure I followed:
from Certbot (installed via Anaconda Python) I ran
call C:\ProgramData\Anaconda3\Scripts\activate.bat
certbot certonly --dns-cloudflare --dns-cloudflare-credentials "C:\Users\administrator.EXAMPLE\Desktop\certificati\cloudflare.ini" --dns-cloudflare-propagation-seconds 30 -d *.example.com --email example@example.com
After, from OpenSSL I ran
openssl pkcs12 -export -out "C:\Users\administrator.EXAMPLE\Desktop\certificati\EXAMPLE.com.pfx" -inkey "C:\Certbot\live\EXAMPLE.com\privkey.pem" -in "C:\Certbot\live\EXAMPLE.com\fullchain.pem" -password pass:TEST2023!
From Sangfor VDI interface an alert appears when I try to import the certificate and if I test to access the FQDN from Chrome for example, the domain cannot be loaded due to SSL mismatch.
certbot certonly --rsa-key-size 2048 --key-type rsa --dns-cloudflare --dns-cloudflare-credentials "C:\Users\administrator.EXAMPLE\Desktop\certificati\cloudflare.ini" --dns-cloudflare-propagation-seconds 30 -d *.example.com --email example@example.com
- Using multiple SSL certificates in Tomcat 7
- ESP32 TLS cert update
- SSL handshake failure in Java Agent (in HCL Notes 14)
- How to fix javax.net.ssl.SSLHandshakeException even though i have already added the certificate
- SSL configuration issue with RabbitMQ Web-Stomp Plugin
- How to Automatically Renew Let's Encrypt SSL Certificate on All-Inkl DNS and Google Cloud VM (Ubuntu)?
- Explicit SSL / TLS version selection
- Why is Firefox not trusting my self-signed certificate?
- Poetry install failing with SSLError: Max retries exceeded on GitHub HTTPSConnectionPool
- nginx SSL no start line: expecting: TRUSTED CERTIFICATE
- How can I tell git to ignore SSL errors only for one specific remote host?
- Coolify with CloudFlared & SSL/TLS HTTPS
- How to ignore SSL certificate errors in Apache HttpComponents HttpClient 5.1
- Python - requests.exceptions.SSLError - dh key too small
- PyMongo [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
- FastAPI OAuth2 with ForgeRock: SSL Certificate Verification Issue
- SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
- nginx the "ssl" directive is deprecated, use the "listen ... ssl"
- Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
- OpenSSL: explicitly set start/end date using `openssl req`?
- Problem installing Issuer (cert-manager) inside GKE cluster tls: failed to verify certificate: x509: certificate signed by unknown authority
- Unable to enforce https for github pages with Godaddy domain
- SSL certificate rejected trying to access GitHub over HTTPS behind firewall
- SSL peer certificate or SSH remote key was not OK
- GKE Autopilot: How to add/manage SSL Certificate to GKE autopilot
- How to configure Pentaho Carte to accept HTTPS request instead of HTTP
- SSL and aiohttp: disable SSL verification do not work on python 3.12
- Is it possible to use Spring Boot SSL bundles internally, while keeping legacy configuration (e.g. javax.net.ssl.*) in application.properties?
- SSL module in Python is not available (on OSX)
- SSL certificate issue unable to get local issuer certificate