From 8304ed4c889a3cf46f09f36f298d154333333a2f Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Sat, 25 Apr 2026 16:37:08 +0200
Subject: [PATCH] OpenSSL 4 CLI compatibility (#1005) (#1010)

* OpenSSL 4 text output leaves leading 00: away.

* Split up key parsing function.

* Add tests.

(cherry picked from commit 1a96fe0bbcb26852d8f4348e5d76f0d7d3d9d1e7)
(cherry picked from commit fa36f75812c52a008bdad230a87508d5ed2d10b5)
---
 changelogs/fragments/1005-openssl-4.yml          | 2 ++
 plugins/module_utils/acme/backend_openssl_cli.py | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/1005-openssl-4.yml

diff --git a/changelogs/fragments/1005-openssl-4.yml b/changelogs/fragments/1005-openssl-4.yml
new file mode 100644
index 00000000..347e4a06
--- /dev/null
+++ b/changelogs/fragments/1005-openssl-4.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "acme_* modules - adjust OpenSSL RSA private key output parsing to OpenSSL 4.0.0 (https://github.com/ansible-collections/community.crypto/pull/1005)."
diff --git a/plugins/module_utils/acme/backend_openssl_cli.py b/plugins/module_utils/acme/backend_openssl_cli.py
index ae9238e5..6ec6b831 100644
--- a/plugins/module_utils/acme/backend_openssl_cli.py
+++ b/plugins/module_utils/acme/backend_openssl_cli.py
@@ -164,7 +164,7 @@ class OpenSSLCLIBackend(CryptoBackend):
 
         if account_key_type == "rsa":
             pub_hex = re.search(
-                r"modulus:\n\s+00:([a-f0-9\:\s]+?)\npublicExponent",
+                r"modulus:\n\s+(?:00:)?([a-f0-9\:\s]+?)\npublicExponent",
                 out_text,
                 re.MULTILINE | re.DOTALL,
             ).group(1)