Update: This is now working. 4096-bit RSA Private Key appears not to be working

  • Update: This is now working. There was an issue with the version of ACME that had an issue related to Cloudflare. The latest package resolved the issue.

    When creating a Let's Encrypt Certificate with the Private Key set to 4096-bit, the Cert created is only 2048-bit.

    Is this an issue with the Acme package or a limitation with Let's Encrypt? I tried creating a "new" cert as well as renewing, both have the same outcome.

    Am I doing something wrong? The cert is a wildcard cert and I am using the HAProxy proxy.



    Thanks in advance for any suggestions.

  • Hi,
    I just installed ACME, and made a LetsEncrypt certificate with a 4096-bit public key.
    The only difference between your setup and mine is that I use DNS manual.


  • LAYER 8 Global Moderator

    I just looked at acme cert I use in haproxy, and it shows 4096


  • This :


    is the Let's Encrypt intermediate certificate, not the certificate you received from Let's Encrypt.

    When you inspect the site's (pfSense) cert with a normal browser like FF, you'll see the 3 of them :


    Yours is the most left one.
    Like mine : 4096 ....
    But hey, even 2048 will do for decades ...... although you have to trash it after 90 days max.

    edit : also .... the details of the cert you showed last for some 15 months .... that's not the 90 days max duration Letsencrypt is advertising with ;)
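
The check described in the last post, as an added example that is not part of the original thread: it splits a PEM bundle and reports the key size and expiry of each certificate, so the leaf is not confused with the intermediate. The function name `chain_key_sizes` is hypothetical, and the script assumes `openssl` is installed and that the bundle lists the leaf certificate first.

```shell
#!/bin/sh
# Added example: report key size and expiry for every certificate in a PEM
# bundle, in file order. Assumption: the leaf (your own cert) comes first.
# chain_key_sizes is a hypothetical helper, not part of pfSense or ACME.
# Usage: chain_key_sizes <bundle.pem>
chain_key_sizes() {
    bundle="$1"
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 1; }
    tmpdir=$(mktemp -d) || return 1

    # Split the bundle into one file per certificate.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$bundle"

    pos=0
    for f in "$tmpdir"/cert*.pem; do
        [ -e "$f" ] || break            # no certificates found in the bundle
        pos=$((pos + 1))
        # Matches "Public-Key: (4096 bit)" and "RSA Public-Key: (4096 bit)",
        # whichever form the installed OpenSSL version prints.
        bits=$(openssl x509 -in "$f" -noout -text |
               sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
        expiry=$(openssl x509 -in "$f" -noout -enddate | sed 's/^notAfter=//')
        subject=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')
        if [ "$pos" -eq 1 ]; then role=leaf; else role=chain; fi
        # One tab-separated line per certificate: position, role, key size,
        # expiry date, subject.
        printf '%s\t%s\t%s bit\t%s\t%s\n' \
            "$pos" "$role" "${bits:-?}" "$expiry" "$subject"
    done
    rm -rf "$tmpdir"
    [ "$pos" -gt 0 ]                    # non-zero exit if nothing was parsed
}
```

The first output line is the certificate that was actually issued for the site; the key size and expiry on the following lines belong to the issuing chain.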
