Apache2 SSL Certificate error
Solution 1
Checkdomain gave me an invalid private key. Problem solved.
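A pre-flight check for the failure described in Solution 1 (added example, not part of the original answers): it confirms that the file given to SSLCertificateKeyFile parses as an unencrypted private key and that its public half matches the certificate in SSLCertificateFile. The function names check_key_pair and make_samples are hypothetical, the openssl command-line tool is assumed to be installed, and the sample files are constructed throwaway material.

```bash
#!/usr/bin/env bash
# Added example: check the files named by SSLCertificateFile and
# SSLCertificateKeyFile before restarting Apache.
#
# Return codes of check_key_pair (hypothetical helper name):
#   0 = key parses and matches the certificate
#   1 = key file is not a readable, unencrypted private key
#   2 = certificate file does not parse
#   3 = both parse, but the key belongs to a different certificate
check_key_pair() {
    local cert="$1" key="$2" cert_pub key_pub
    # "-passin pass:" supplies an empty passphrase, so an encrypted or
    # damaged key fails immediately instead of prompting on the terminal.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ] || return 3
    return 0
}

# Constructed sample input: a throwaway self-signed pair plus broken "keys",
# written to the directory given as $1. Not related to any real site.
make_samples() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/good.key" -out "$d/good.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    # A certificate saved under a .key name: valid PEM, but not a key.
    cp "$d/good.crt" "$d/cert-as.key"
    # Key body cut off, as after a bad copy and paste.
    head -n 5 "$d/good.key" > "$d/truncated.key"
}

# Usage: ./check_pair.sh /etc/ssl/g/g.crt /etc/ssl/g/g.key
if [ "$#" -eq 2 ]; then
    check_key_pair "$1" "$2"; rc=$?
    case $rc in
        0) echo "OK: key matches certificate" ;;
        1) echo "FAIL: key file is not a readable private key" ;;
        2) echo "FAIL: certificate file is not readable" ;;
        3) echo "FAIL: key does not belong to this certificate" ;;
    esac
    exit "$rc"
fi
```

A key file that produces return code 1 here is the kind of input that leads mod_ssl to log AH02579 and AH02564 as in the question.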
Solution 2
You could use the command apachectl -t to check for any syntax errors before restarting the Apache service. The command should output Syntax OK if no errors are found.
You should include more details regarding your .conf files before we can decide what the error is.
Regardless, this is a configuration example for enabling SSL support:
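<VirtualHost *:443>
    ServerName example.com
    DocumentRoot "/var/www/html"
    SSLEngine on
    # Signed certificate issued for ServerName
    SSLCertificateFile /etc/httpd/ssl/mycert.pem
    # Private key; reusing the certificate path is valid only when mycert.pem also contains the key
    SSLCertificateKeyFile /etc/httpd/ssl/mycert.pem
    # Disable the obsolete SSLv2 and SSLv3 protocols
    SSLProtocol ALL -SSLv2 -SSLv3
    # Prefer the server's cipher order; exclude anonymous and MD5-based suites
    SSLHonorCipherOrder On
    SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>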
To enable SSL, the configuration file must include at minimum the following options:
SSLEngine On: turns on support for SSL.
SSLCertificateFile: The location of the signed certificate you were provided.
SSLCertificateKeyFile: The key file that was generated on your system.
Also, an approach required by many browsers to justify the requests to your site is to include the chain file (the one called bundle) using the configuration option SSLCertificateChainFile.
And I would suggest the following reference: Apache how-to: https://httpd.apache.org/docs/2.4/en/ssl/ssl_howto.html
cy8berpunk
Updated on September 18, 2022
Comments
-
cy8berpunk over 1 year
I bought a cert at checkdomain. They gave me two files, a .crt and a .ca-bundle, and a .key. I moved them to "/etc/ssl/g/". I enabled SSL with "a2enmod ssl" and restarted Apache by using "sudo service apache2 restart"; no error until then.
Then I edited default-ssl.conf:
<VirtualHost *:443>
    ServerName mrgrimod.de
    DocumentRoot "/var/www/html"
    SSLEngine on
    SSLCertificateFile /etc/ssl/g/g.crt
    SSlCertificateKeyFile /etc/ssl/g/g.key
</VirtualHost>
Then I tried to restart the apache by using "sudo service apache2 restart" but it fails to restart and spills out that error:
Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.
The apache error log contained these lines:
[Fri Mar 30 17:03:50.143429 2018] [ssl:error] [pid 10598:tid 3074262784] AH02579: Init: Private key not found
[Fri Mar 30 17:03:50.143530 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Mar 30 17:03:50.143557 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Fri Mar 30 17:03:50.143578 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Mar 30 17:03:50.143599 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Fri Mar 30 17:03:50.143620 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Fri Mar 30 17:03:50.143640 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Mar 30 17:03:50.143660 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Mar 30 17:03:50.143674 2018] [ssl:emerg] [pid 10598:tid 3074262784] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Fri Mar 30 17:03:50.143704 2018] [ssl:emerg] [pid 10598:tid 3074262784] AH02564: Failed to configure encrypted (?) private key server1.server1.de:443:0, check /etc/ssl/ssl.key/server.key
-
Admin about 6 years
An ongoing brute force attack against your SSH is flooding the actually useful lines from your journalctl -xn output.
-
Admin about 6 years
Go look at the error logs for apache instead. They'll probably be in /var/log/httpd/.
-
Admin about 6 years
@EsaJokinen Yeah, I updated it but still the same. That's the output.
-
Admin about 6 years
The log at that link seems like an access log. You need to look at the error log.
-
Admin about 6 years
@JennyD Sorry, my fault, here is the new one: pastebin.com/AnLPQatQ
-
Admin about 6 years
This line pretty much sums up the problem.
[Fri Mar 30 17:03:50.143704 2018] [ssl:emerg] [pid 10598:tid 3074262784] AH02564: Failed to configure encrypted (?) private key server1.server1.de:443:0, check /etc/ssl/ssl.key/server.key
-
Admin about 6 years
You should also define the SSLCertificateFile
-
JohnA about 6 years
SSLCertificateChainFile is deprecated. SSLCertificateFile should be used. See: httpd.apache.org/docs/2.4/mod/…
-
cy8berpunk about 6 years
I followed your instructions but now it says:
Failed to configure encrypted (?) private key mrgrimod.de:443:0, check /etc/ssl/g/g.pem
-
Abdullah about 6 years
@MrGrimod, that means you have an invalid key file. You need to check your keys, man.