[Bug/request] Add `-traditional` to `openssl genrsa` command if using openssl3

[donmor]

Several issues reporting Only RSA or EC key is supported, and I finally found what is wrong:

acme.sh generates CA private key by running openssl genrsa 2048 and use this key later on. It checks if header string -----BEGIN RSA PRIVATE KEY----- is in the key file, which should be PKCS#1 format. However, openssl3 now use PKCS#8 by default (using header string -----BEGIN PRIVATE KEY-----), unless -traditional is specified.

Related: #146 , #1581 , #1932 , #3659 , #5104 , #5201 , etc.

[github-actions]

Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.