Let's Encrypt ECDSA to RSA Issue

bgaiteiro · March 24, 2023, 5:35pm

Hello all

Very recently in several virtualmin’s getting the same issue when generating SSL through backend.

certbot.errors.Error: Are you trying to change the key type of the certificate named *********** from ECDSA to RSA? Please provide both --cert-name and --key-type on the command line to confirm the change you are trying to make.

This prevents going forward and regenerate SSL successfully.

Already search at stackoverflow and Virtualmin Forum without luck.

Any insight about this?

SYSTEM INFORMATION
Operating system Rocky Linux 8.7
Webmin version 2.013
Usermin version 1.861
Virtualmin version 7.5
Authentic theme version 20.13

ID10T · March 24, 2023, 5:55pm

By backend, do you mean command line? If so, what happens if you use the Virtualmin Gui?

Help? No. Insight? Maybe.

bgaiteiro · March 24, 2023, 6:25pm

Sorry. Backend = GUI.
Currently generating via certbot command line declaring ECDSA.

Thank you for the link. Will verify.

Nico94 · April 6, 2023, 9:27am

Same issue here: the Let’s Encrypt renewal process crashes on one particular Virtual Server.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Attempting to parse the version 2.3.0 renewal configuration file found at /etc/letsencrypt/renewal/xxx.com.conf with version 1.12.0 of Certbot. This might not work.
Attempting to parse the version 2.3.0 renewal configuration file found at /etc/letsencrypt/renewal/xxx.com.conf with version 1.12.0 of Certbot. This might not work.
Are you trying to change the key type of the certificate named xxx.com from ECDSA to RSA? Please provide both --cert-name and --key-type on the command line confirm the change you are trying to make.

For some reason, I see this in /etc/letsencrypt/renewal/xxx.com.conf:

version = 2.3.0
[...]
[renewalparams]
key_type = ecdsa

Any thoughts?

SYSTEM INFORMATION
OS type and version	Debian Linux 11
Webmin version	2.021
Usermin version	1.861
Virtualmin version	7.5
Theme version	20.21
Package updates	All installed packages are up to date

bgaiteiro · April 6, 2023, 9:32am

Hi

Edit file /usr/libexec/webmin/webmin/letsencrypt-lib.pl

find

if (&compare_version_numbers($cmd_ver, 2.0) >= 0) {
	$new_flags = " --key-type ".quotemeta($key_type);
}

and remove the conditional statement and leave just this

$new_flags = " --key-type ".quotemeta($key_type);

Then restart webmin service.

Nico94 · April 6, 2023, 9:44am

Brilliant, thank you so much

Just in case any Debian user lands here concerning the same issue, the file to edit is located there: /usr/share/webmin/webmin/letsencrypt-lib.pl

system · June 5, 2023, 9:44am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.