diff --git a/docs/release-notes/release-notes-0.17.0.md b/docs/release-notes/release-notes-0.17.0.md
index c5eed2886..fa291a59d 100644
--- a/docs/release-notes/release-notes-0.17.0.md
+++ b/docs/release-notes/release-notes-0.17.0.md
@@ -33,11 +33,14 @@
 independently](https://github.com/lightningnetwork/lnd/pull/7592) on wallet
 unlock or create.
 
+* [Restore support](https://github.com/lightningnetwork/lnd/pull/7678) for
+  `PKCS8`-encoded cert private keys.
 
 # Contributors (Alphabetical Order)
 
 * Carla Kirk-Cohen
 * Daniel McNally
 * Elle Mouton
+* Erik Arvstedt
 * hieblmi
 * Jordi Montes
diff --git a/tls_manager.go b/tls_manager.go
index 249c76218..0d9498d12 100644
--- a/tls_manager.go
+++ b/tls_manager.go
@@ -35,7 +35,10 @@ const (
 
 var (
 	// privateKeyPrefix is the prefix to a plaintext TLS key.
-	privateKeyPrefix = []byte("-----BEGIN EC PRIVATE KEY-----")
+	// It should match these two key formats:
+	// - `-----BEGIN PRIVATE KEY-----`    (PKCS8).
+	// - `-----BEGIN EC PRIVATE KEY-----` (SEC1/rfc5915, the legacy format).
+	privateKeyPrefix = []byte("-----BEGIN ")
 
 	// letsEncryptTimeout sets a timeout for the Lets Encrypt server.
 	letsEncryptTimeout = 5 * time.Second