Netgate Discussion Forum

    Update: This is now working. 4096-bit RSA Private Key appears not to be working

    • costanzo
      last edited by costanzo

      Update: This is now working. There was an issue with the version of ACME that had an issue related to Cloudflare. The latest package resolved the issue.


      When creating a Let's Encrypt Certificate with the Private Key set to 4096-bit, the Cert created is only 2048-bit.

      Is this an issue with the Acme package or a limitation with Let's Encrypt? I tried creating a "new" cert as well as renewing, both have the same outcome.

      Am I doing something wrong? The cert is a wildcard cert and I am using the HAProxy proxy.


      Thanks in advance for any suggestions.

      • KlausF
        last edited by

        Hi,
        I just installed ACME, and made a LetsEncrypt certificate with a 4096-bit public key.
        The only difference between your setup and mine is that I use DNS manual.

        Regards
        Klaus

          • johnpoz LAYER 8 Global Moderator
          last edited by

          I just looked at acme cert I use in haproxy, and it shows 4096


          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • Gertjan
            last edited by Gertjan

            This:

            [image]

            is the Let's Encrypt intermediate certificate, not the certificate you received from Let's Encrypt.

            When you inspect the site's (pfSense) cert with a normal browser like FF, you'll see the 3 of them:

            Yours is the leftmost one.
            Like mine: 4096 ....
            But hey, even 2048 will do for decades ...... although you have to trash it after 90 days max.

            edit : also .... the details of the cert you showed last for some 15 months .... that's not the 90 days max duration Letsencrypt is advertising with ;)

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.