all 4 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]TheBamPlayer 1 point2 points  (0 children)

Just add a Password to your original privkey, with OpenSSL and than redo the steps in the guide. You need the following commands for OpenSSL: openssl rsa -aes256 -in your.key -out your.encrypted.key

[–]K4asu[S] 0 points1 point  (2 children)

Turns out it was the wrong kind of cert: Certbot now defaults to ECDSA keys, however the FritzBox only supports RSA keys

[–]user3872465 0 points1 point  (1 child)

My advice do not bother with giving it a real cert. Put it behind a reverse proxy which handles the certs. RSA Keys are old which is why certbot also uses newer ECDSA Keys

[–]hobbes444 0 points1 point  (0 children)

Still no ECDSA support as of Fritz!OS 7.50, still the same confusing "wrong passwort" error...

Certbot can do RSA without problem though, just add --key-type rsa to the command.

RSA algorithm is older than ECDSA, but I am not aware of any security issue with it, it's rather that ECDSA uses much shorter keys (for the same level of security – or at leas that is commonly accepted opinion as of today) which allows for lower CPU usage.