Using Elliptic Curve in Let's Encrypt

Virtualmin
1
SYSTEM INFORMATION
OS type and version Debian 12
Webmin version 2.101
Virtualmin version 7.8.2 Pro
Related packages Let’s Encrypt

I was reading up on the advantages for using Elliptic Curve for the certificate. I tried doing this on one of my sites and was greeted with the following message.

Renewing an existing certificate for twin-peaks-video.com and www.twin-peaks-video.com
Unable to change the --key-type of this certificate because --reuse-key is set. To stop reusing the private key, specify --no-reuse-key. To change the private key this one time and then reuse it in future, add --new-key.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Here is the entry in the log file.

2023-11-05 09:44:09,930:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer <certbot._internal.cli.cli_utils._Default object at 0x7f59613ba890>
2023-11-05 09:44:09,930:DEBUG:certbot._internal.cli:Var key_type=ecdsa (set by user).
2023-11-05 09:44:09,930:DEBUG:certbot._internal.cli:Var certname=twin-peaks-video.com (set by user).
2023-11-05 09:44:09,931:DEBUG:certbot._internal.display.obj:Notifying user: Renewing an existing certificate for twin-peaks-video.com and www.twin-peaks-video.com
2023-11-05 09:44:09,958:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/bin/letsencrypt", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1736, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1590, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 126, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 385, in renew_cert
    _avoid_reuse_key_conflicts(config, lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/renewal.py", line 372, in _avoid_reuse_key_conflicts
    raise errors.Error(
certbot.errors.Error: Unable to change the --key-type of this certificate because --reuse-key is set. To stop reusing the private key, specify --no-reuse-key. To change the private key this one time and then reuse it in future, add --new-key.
2023-11-05 09:44:09,958:ERROR:certbot._internal.log:Unable to change the --key-type of this certificate because --reuse-key is set. To stop reusing the private key, specify --no-reuse-key. To change the private key this one time and then reuse it in future, add --new-key.
2

Hello,

This is a known and already fixed bug! It will be fixed in the next Virtualmin release.

Meanwhile, you can go to SSL Certificate page and force renew SSL certificate manually.

3

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.