1openssl rsa -in privateKey.pem -out newPrivateKey.pem

This could be an incorrect use of certificates. Make sure to use the following (translate to nginx if you're not using apache) 1SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem 2SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem 3Include /etc/letsencrypt/options-ssl-apache.conf …

https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

1openssl rsa -in encrypted-private.key -out non-encrypted-private.key 2Enter pass phrase for encrypted-private.key: 3writing RSA key See https://knowledge.digicert.com/solution/SO5292.html

You can fix it by creating .a 'dhparam' file as follows in nginx: 1cd /etc/ssl/certs 2openssl dhparam -dsaparam -out ./dhparam.pem 4096 NOTE: "-dsaparam" is significant. Otherwise, it would take creation of dhparam.pem almost 24hours or more. See …

1yum install certbot.noarch -y 234certbot -d *.example.com \ 5--manual \ 6--preferred-challenges \ 7dns certonly \ 8--server https://acme-v02.api.letsencrypt.org/directory 910... 11... 12create the TXT DNS record NOTE: In creating the cert, make sure to wait for 5minutes or better check in another terminal session if …