Update: This is now working. 4096-bit RSA Private Key appears not to be working



  • Update: This is now working. There was an issue with the version of ACME that had an issue related to Cloudflare. The latest package resolved the issue.


    When creating a Let's Encrypt Certificate with the Private Key set to 4096-bit, the Cert created is only 2048-bit.

    Is this an issue with the Acme package or a limitation with Let's Encrypt? I tried creating a "new" cert as well as renewing, both have the same outcome.

    Am I doing something wrong? The cert is a wildcard cert and I am using the HAProxy proxy.


    Thanks in advance for any suggestions.



  • Hi,
    I just installed ACME, and made a Let's Encrypt certificate with a 4096-bit public key.
    The only difference between your setup and mine, is that I use DNS manual.

    Regards
    Klaus


  • LAYER 8 Global Moderator

    I just looked at acme cert I use in haproxy, and it shows 4096




  • This:

    [screenshot]

    is the Let's Encrypt intermediate certificate, not the certificate you received from Let's Encrypt.

    When you inspect the site's (pfSense) cert with a normal browser like FF, you'll see the 3 of them:

    [screenshot]

    Yours is the leftmost one.
    Like mine: 4096 ....
    But hey, even 2048 will do for decades ...... although you have to trash it after 90 days max.

    edit: also .... the details of the cert you showed lasts for some 15 months .... that's not the 90 days max duration Let's Encrypt is advertising with ;)
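
Added example, not part of the thread: a shell check that lists the key size of every certificate in a PEM chain file, so the leaf (position 0) is not confused with the intermediate. It assumes the `openssl` CLI is installed; `make_constructed_chain` and its subject names are hypothetical and only build a constructed two-certificate file to run against.

```shell
#!/bin/sh
# Print "<position> <role> <key bits> <subject>" for each certificate in a PEM file.
# Position 0 is the leaf issued for your host name; later positions are CA
# certificates, whose key size is chosen by the CA, not by your ACME settings.
chain_key_sizes() {
    chain=$1
    dir=$(mktemp -d) || return 1
    # Split the file into one PEM per certificate: cert00.pem, cert01.pem, ...
    awk -v dir="$dir" '
        /-----BEGIN CERTIFICATE-----/ { f = sprintf("%s/cert%02d.pem", dir, n++) }
        f { print > f }
        /-----END CERTIFICATE-----/ { close(f); f = "" }
    ' "$chain"
    i=0
    for pem in "$dir"/cert*.pem; do
        [ -f "$pem" ] || break
        # Matches both "Public-Key: (N bit)" and "RSA Public-Key: (N bit)".
        bits=$(openssl x509 -in "$pem" -noout -text |
               sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
        subj=$(openssl x509 -in "$pem" -noout -subject)
        if [ "$i" -eq 0 ]; then role=leaf; else role=issuer-chain; fi
        echo "$i $role $bits $subj"
        i=$((i + 1))
    done
    rm -rf "$dir"
}

# Constructed sample input (hypothetical names): a 4096-bit self-signed cert
# followed by a 2048-bit one, standing in for leaf + intermediate.
make_constructed_chain() {
    out=$1
    w=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:4096 -nodes -days 90 \
        -subj "/CN=leaf.example.test" \
        -keyout "$w/leaf.key" -out "$w/leaf.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=Constructed Intermediate" \
        -keyout "$w/ca.key" -out "$w/ca.pem" 2>/dev/null
    cat "$w/leaf.pem" "$w/ca.pem" > "$out"
    rm -rf "$w"
}

# Run against a file given on the command line, e.g. an exported full chain.
if [ $# -gt 0 ]; then
    chain_key_sizes "$1"
fi
```

Run it against the full-chain file exported for the certificate; only the line marked `leaf` reflects the key length selected in the ACME settings.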

