Apache: SSLCertificateFile: file does not exist or is empty


Note that the message you quoted referred to the Certificate File /var/www/html/licweb/www.licweb.com.crt while everything you mention after "WHAT I TRIED" refers to the Key File.

Note also that the key file is not supposed to have the permissions you mentioned. The permissions for the key file should be owner root and mode 600. Many applications that read key files check that the mode doesn't allow access to others. So the permissions on the key would also cause an error, but it would be a different error.

In the solutions you tried, you have keys in /etc/pki/tls while the error message refers to /var/www/html/licweb. There is also a ca.key mentioned, but your certificate is self-signed.

Author: Ankit Prajapati

Updated on September 18, 2022

Comments

  • Ankit Prajapati
    Ankit Prajapati over 1 year

    I created a Private Key, CSR, and CRT using the below commands to run a Website using HTTPS on Apache 2.4.6. The Operating System is CentOS 7.

    // To generate a Private Key
    1. openssl genrsa -des3 -out www.licweb.com.key 1024
    
    // To generate CSR
    2. openssl req -new -key www.licweb.com.key -out www.licweb.com.csr
    
    // To generate CRT
    3. openssl x509 -req -days 365 -in www.licweb.com.csr -signkey www.licweb.com.key -out www.licweb.com.crt
    

    Now, I am referencing the above created files in my httpd.conf file. But after that, when I try to RESTART Apache, I get the following error:

    ERROR: SSLCertificateFile: file '/var/www/html/licweb/www.licweb.com.crt' does not exist or is empty

    1. The Path is correct.
    2. The File also Exists.
    3. There is even Data in the file and hence it is not empty.

    [WHAT I TRIED]

    I tried the following Solutions found on Google Resources:

    Solution 1:

    Executing command apachectl configtest which is running fine.

    Solution 2:

    Repairing SELinux with the below commands:

    1. sudo restorecon -Rv /etc/pki/tls/certs/ 
    2. chcon --reference=/etc/pki/tls/private/localhost.key /etc/pki/tls/private/ca.key
    

    Solution 3:

    chcon -t cert_t /etc/pki/tls/private/my.key
    

    But none of the Solutions are working. I am still getting the same Error.


    I think even the permissions are fine:

    ls -l www.licweb.com.key
    -rwxrwxrwt. 1 root root 963 Jul 17 10:39 www.licweb.com.key
    

    I cannot think of any other Solution. Does anybody have any idea what is going wrong or what I am doing wrong? Any help will be highly appreciated. Thanks.

  • Ankit Prajapati
    Ankit Prajapati almost 6 years
    I again tried everything with .crt. Tried changing the permissions to 600. Error still persists. And I am not able to follow your last paragraph about ca.key. So what if there is a ca.key and I have a self-signed certificate?
  • RalfFriedl
    RalfFriedl almost 6 years
    @Ankit Prajapati You write "2. chcon .../ca.key". CA in this context usually means Certificate Authority, the authority or root that signs your certificate and possibly many others. The contrast is a certificate not signed by a CA; it is self-signed. What is the content of the file '/var/www/html/licweb/www.licweb.com.crt'? It is no problem to make the certificate public, it will be sent to all the clients anyway. The key file has to be kept secret.
  • Ankit Prajapati
    Ankit Prajapati almost 6 years
    I ran the following command on my parent folder "licweb" as >>restorecon -Rv licweb/ and the error is gone. It did some resetting. Now Apache is running fine. Thank you so much for all the help; because of your efforts I got the idea. Highly appreciated.
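
A read-only pre-flight check covering the points raised in this thread (certificate file present and non-empty, key mode, SELinux label versus the policy default). It is an added example, not code from any poster; the function names are hypothetical, and the `openssl` and `restorecon` steps are skipped when those tools are not installed.

```shell
#!/bin/sh
# Read-only checks for an Apache certificate/key pair (added example).
# Function names are hypothetical; no file, mode or label is changed.

# Succeeds when an `ls -l` permission string grants group or other any access.
# Characters 5-10 are the group and other triplets; a trailing "." or "+" is ignored.
mode_exposes_key() {
    [ "$(printf '%s' "$1" | cut -c5-10)" != "------" ]
}

# Prints one finding per line for the pair; prints nothing when all checks pass.
check_tls_files() {
    crt=$1; key=$2
    if [ ! -e "$crt" ]; then
        echo "cert: $crt does not exist"
    elif [ ! -s "$crt" ]; then
        echo "cert: $crt is empty"
    elif command -v openssl >/dev/null 2>&1 &&
         ! openssl x509 -noout -in "$crt" 2>/dev/null; then
        echo "cert: $crt is not a parseable X.509 certificate"
    fi
    if [ ! -e "$key" ]; then
        echo "key: $key does not exist"
    else
        perms=$(ls -ld "$key" | awk '{print $1}')
        owner=$(ls -ld "$key" | awk '{print $3}')
        if mode_exposes_key "$perms"; then
            echo "key: mode $perms allows group/other access (expected 600)"
        fi
        [ "$owner" = root ] || echo "key: owner is $owner (expected root)"
    fi
    # SELinux: -n makes restorecon a dry run; any output means the on-disk
    # label differs from the policy default for that path.
    if command -v restorecon >/dev/null 2>&1; then
        for f in "$crt" "$key"; do
            [ -e "$f" ] || continue
            if [ -n "$(restorecon -n -v "$f" 2>/dev/null)" ]; then
                echo "selinux: label on $f differs from policy default"
            fi
        done
    fi
    return 0
}

# Stand-alone use: sh check.sh /path/to/site.crt /path/to/site.key
if [ "$#" -eq 2 ]; then check_tls_files "$1" "$2"; fi
```
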