Apache2 SSL Certificate error


Solution 1

Checkdomain gave me an invalid private key. Problem solved.

Solution 2

You could use the command apachectl -t to check for any syntax errors before restarting the Apache service. The command should output Syntax OK if no errors are found.

You should include more details regarding your .conf files before we can decide what the error is.

Regardless, this is a configuration example for enabling SSL support:

<VirtualHost *:443>
ServerName example.com
DocumentRoot "/var/www/html"

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/mycert.pem
SSLCertificateKeyFile /etc/httpd/ssl/mycert.pem
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>

To enable SSL, the configuration file must include at minimum the following options:

SSLEngine On: turns on support for SSL.

SSLCertificateFile: The location of the signed certificate you were provided.

SSLCertificateKeyFile: The key file that was generated on your system.

Also, an approach required by many browsers to justify the requests to your site is to include the chain file (the one called bundle) using the configuration option SSLCertificateChainFile.

And I would suggest the following reference: Apache how-to: https://httpd.apache.org/docs/2.4/en/ssl/ssl_howto.html
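
The failure in this thread (AH02579 "Private key not found" followed by ASN.1 "wrong tag" errors) can be caught before a restart by checking that the key file parses and belongs to the certificate. The script below is an added example, not part of the original answers; `check_key_pair`, `make_sample` and the generated sample files are hypothetical names, and it assumes the `openssl` command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of the files named in SSLCertificateFile and
# SSLCertificateKeyFile before restarting Apache. Function names are hypothetical.

# check_key_pair CERT KEY -> exit status:
#   0 key parses and matches the certificate
#   1 key file is not a parsable private key (truncated, wrong file, not PEM)
#   2 certificate file is not a parsable X.509 certificate
#   3 both parse, but the key does not belong to this certificate
#   4 key is passphrase-protected (cannot be loaded without the passphrase)
check_key_pair() {
    local cert="$1" key="$2" cert_pub key_pub
    # An empty passphrase and no stdin make an encrypted key fail, not prompt.
    if ! key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null </dev/null); then
        grep -q 'ENCRYPTED' "$key" && return 4
        return 1
    fi
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Same SubjectPublicKeyInfo on both sides means the pair belongs together.
    [ "$key_pub" = "$cert_pub" ] || return 3
    return 0
}

# make_sample DIR: constructed throwaway material, one file per failure mode.
make_sample() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/good.key" -out "$d/site.crt" 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null          # valid, wrong pair
    openssl pkey -in "$d/good.key" -aes256 -passout pass:constructed \
        -out "$d/locked.key" 2>/dev/null                         # encrypted copy
    head -c 200 "$d/good.key" > "$d/truncated.key"               # damaged download
}

# Demo: run every constructed key against the constructed certificate.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for k in good.key truncated.key other.key locked.key site.crt; do
    rc=0; check_key_pair "$demo_dir/site.crt" "$demo_dir/$k" || rc=$?
    echo "SSLCertificateKeyFile=$k -> status $rc"
done
rm -rf "$demo_dir"
```

On a real host, call `check_key_pair /etc/ssl/g/g.crt /etc/ssl/g/g.key` with the paths from the VirtualHost and restart Apache only when the status is 0.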

Author by

cy8berpunk

Updated on September 18, 2022

Comments

  • cy8berpunk
    cy8berpunk over 1 year

    I bought a Cert. at checkdomain. They gave me two files a .crt and a .ca-bundle and .key. I moved them to "/etc/ssl/g/". I enabled SSL with "a2enmod ssl" and restarted the apache by using "sudo service apache2 restart", no error till then.

    Then I edited default-ssl.conf:

    <VirtualHost *:443>
    ServerName mrgrimod.de
    DocumentRoot "/var/www/html"
    
    SSLEngine on
    SSLCertificateFile    /etc/ssl/g/g.crt
    SSLCertificateKeyFile /etc/ssl/g/g.key
    </VirtualHost>
    

    Then I tried to restart the apache by using "sudo service apache2 restart" but it fails to restart and spills out that error: Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.

    The apache error log contained these lines:

    [Fri Mar 30 17:03:50.143429 2018] [ssl:error] [pid 10598:tid 3074262784] AH02579: Init: Private key not found
    [Fri Mar 30 17:03:50.143530 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Mar 30 17:03:50.143557 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
    [Fri Mar 30 17:03:50.143578 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Mar 30 17:03:50.143599 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
    [Fri Mar 30 17:03:50.143620 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
    [Fri Mar 30 17:03:50.143640 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [Fri Mar 30 17:03:50.143660 2018] [ssl:error] [pid 10598:tid 3074262784] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
    [Fri Mar 30 17:03:50.143674 2018] [ssl:emerg] [pid 10598:tid 3074262784] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
    [Fri Mar 30 17:03:50.143704 2018] [ssl:emerg] [pid 10598:tid 3074262784] AH02564: Failed to configure encrypted (?) private key server1.server1.de:443:0, check /etc/ssl/ssl.key/server.key
    
    • Admin
      Admin about 6 years
      An ongoing brute force attack against your SSH is flooding the actually useful lines from your journalctl -xn output.
    • Admin
      Admin about 6 years
      Go look at the error logs for apache instead. They'll probably be in /var/log/httpd/.
    • Admin
      Admin about 6 years
      @EsaJokinen Yeah I updated it but still same. That's the output.
    • Admin
      Admin about 6 years
      The log at that link seems like an access log. You need to look at the error log.
    • Admin
      Admin about 6 years
      @JennyD Sry, my fault, here is the new one: pastebin.com/AnLPQatQ
    • Admin
      Admin about 6 years
      This line pretty much sums up the problem. [Fri Mar 30 17:03:50.143704 2018] [ssl:emerg] [pid 10598:tid 3074262784] AH02564: Failed to configure encrypted (?) private key server1.server1.de:443:0, check /etc/ssl/ssl.key/server.key
    • Admin
      Admin about 6 years
      You should also define the SSLCertificateFile
  • JohnA
    JohnA about 6 years
    SSLCertificateChainFile is deprecated. SSLCertificateFile should be used. See: httpd.apache.org/docs/2.4/mod/…
  • cy8berpunk
    cy8berpunk about 6 years
    I followed your instructions but now it says: Failed to configure encrypted (?) private key mrgrimod.de:443:0, check /etc/ssl/g/g.pem
  • Abdullah
    Abdullah about 6 years
    @MrGrimod, that means you have an invalid key file. You need to check your keys, man.