Apache:mod_ssl:Error: Private key not found


In your config, you have these three lines:

    SSLCertificateFile    /etc/ssl/certs/mycert.crt
    SSLCertificateKeyFile /etc/ssl/private/mycert.key
    SSLCertificateFile /etc/ssl/certs/sub.class1.server.ca.pem

You are repeating SSLCertificateFile. That means that Apache will use the second instance of the variable, i.e. /etc/ssl/certs/sub.class1.server.ca.pem - but your key is the one for /etc/ssl/certs/mycert.crt, so it doesn't match the CA cert. Thus, Apache isn't able to find the key for the certificate.

Probably your config should instead look like this:

    # Server certificate
    SSLCertificateFile    /etc/ssl/certs/mycert.crt
    # Key to server certificate
    SSLCertificateKeyFile /etc/ssl/private/mycert.key
    # Glue certificate to CA
    SSLCACertificateFile /etc/ssl/certs/sub.class1.server.ca.pem

Note that the second certificate starts with SSLCA instead of just SSL.
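A pre-restart check for this failure, as an added example that is not part of the original answer: mod_ssl pairs each SSLCertificateFile with an SSLCertificateKeyFile, so the first function flags any VirtualHost where the two counts differ, and the second confirms that a certificate and a key carry the same public key. The function names are hypothetical, and the sample configs are constructed from the paths shown on this page.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.

# lint_vhost_certs FILE: print each <VirtualHost> whose SSLCertificateFile
# count differs from its SSLCertificateKeyFile count; status 1 if any found.
# Heuristic: a cert file that also contains its own key would be flagged too.
lint_vhost_certs() {
  awk '
    tolower($0) ~ /^[ \t]*<virtualhost[ \t>]/ { start = NR; certs = 0; keys = 0; next }
    tolower($1) == "sslcertificatefile"    { certs++ }
    tolower($1) == "sslcertificatekeyfile" { keys++ }
    tolower($0) ~ /^[ \t]*<\/virtualhost>/ && certs != keys {
      printf "vhost at line %d: %d SSLCertificateFile, %d SSLCertificateKeyFile\n",
             start, certs, keys
      bad = 1
    }
    END { exit bad + 0 }
  ' "$1"
}

# cert_matches_key CERT KEY: status 0 when both files hold the same public key.
# An encrypted key makes openssl prompt for the pass phrase, as Apache does.
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  k=$(openssl pkey -in "$2" -pubout) || return 2
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# write_samples DIR: constructed configs mirroring the question and the fix.
write_samples() {
  cat > "$1/bad.conf" <<'EOF'
<VirtualHost _default_:443>
  SSLEngine on
  SSLCertificateFile    /etc/ssl/certs/mycert.crt
  SSLCertificateKeyFile /etc/ssl/private/mycert.key
  SSLCertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
</VirtualHost>
EOF
  cat > "$1/good.conf" <<'EOF'
<VirtualHost _default_:443>
  SSLEngine on
  SSLCertificateFile    /etc/ssl/certs/mycert.crt
  SSLCertificateKeyFile /etc/ssl/private/mycert.key
  SSLCACertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
</VirtualHost>
EOF
}
```

Run `lint_vhost_certs` against the vhost file, then `cert_matches_key` on each certificate and key pair it lists, before restarting httpd.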

Author: davids

Updated on September 18, 2022

Comments

  • davids over 1 year

    I'm installing an SSL certificate to serve HTTPS. I'm using Apache 2.4 in Amazon Linux and got the certificate in StartSSL. My Vhost config is the following:

    <IfModule mod_ssl.c>
      <VirtualHost _default_:443>
        ServerAdmin [email protected]
        ServerName myweb.com
        DocumentRoot /var/www/html/myapp
        <Directory /var/www/htmlmyapp>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride None
          Order allow,deny
          allow from all
        </Directory>
    
        ErrorLog /var/log/httpd/error_log
        LogLevel warn
    
        CustomLog /var/log/httpd/ssl_access.log combined
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/mycert.crt
        SSLCertificateKeyFile /etc/ssl/private/mycert.key
        SSLCertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
        BrowserMatch "MSIE [2-6]" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    
      </VirtualHost>
    </IfModule>
    

    When I restart Apache, I get this output:

    Stopping httpd:                                            [  OK  ]
    Starting httpd: Apache/2.4.12 mod_ssl (Pass Phrase Dialog)
    Some of your private key files are encrypted for security reasons.
    In order to read them you have to provide the pass phrases.
    
    Private key myweb.com:443:0 (/etc/ssl/private/mycert.key)
    Enter pass phrase:
    
    OK: Pass Phrase Dialog successful.
    Apache:mod_ssl:Error: Private key not found.
    **Stopped
                                                               [FAILED]
    

    So, it asks me for the passphrase of a key, the passphrase is ok and then it says that it can't find it. What am I missing?

  • davids about 9 years
    The paths are ok, it was a typo, because I changed the actual certificate names. Sorry!
  • davids about 9 years
    That did it. Actually, I was using the SSLCertificateChainFile before, but Apache complained and told me to use SSLCertificateFile (The SSLCertificateChainFile directive (/etc/httpd/conf.d/ssl.conf:22) is deprecated, SSLCertificateFile should be used instead). Thank you!
  • Jenny D about 9 years
    That was a misleading error message!
  • davids about 9 years
    It was!! And an expensive one too, it made me waste a couple of hours :(