6b6949496dafe9ee25c362e5afa0a4143a1b67ee
By:
amilajack

SSL Installation, Apache Not Starting

December 3, 2014 9.8k views

I'm trying to install a Comodo SSL certificate on my site and after I changed the default-ssl.conf file, apache fails to start.

Here's my default-ssl.conf file:

<IfModule mod_ssl.c>
  <VirtualHost *:443>

        ServerAdmin admin@site.com
        ServerName site.com
        ServerAlias www.site.com
        DocumentRoot /var/www/html/site/public
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateKeyFile /etc/ssl/private/site.key
        SSLCertificateFile /etc/ssl/private/site_com.crt
        SSLCertificateChainFile /etc/ssl/private/site.ca-bundle

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory "/var/www/html/site/public">
                AllowOverride all
                Require all granted
                Options Indexes FollowSymLinks MultiViews
                Order allow,deny
                allow from all
        </Directory>

        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

I ran the two has checks and they are both the same value:

openssl x509 -noout -modulus -in /etc/ssl/private/fertona_com.crt | openssl md5
openssl rsa -noout -modulus -in /etc/ssl/private/fertona.key | openssl md5

My Apache error log shows the following errors:

[Tue Dec 02 23:30:26.324586 2014] [ssl:emerg] [pid 3875] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Dec 02 23:30:26.324596 2014] [ssl:emerg] [pid 3875] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Tue Dec 02 23:32:59.190380 2014] [ssl:emerg] [pid 3959] AH02238: Unable to configure RSA server private key

And finally, the order of my Comodo Certificates (in my site.ca-bundle file) is like so:
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
site_com.crt

This is my first time installing a SSL certificate and I really have no idea what the issue is. Thanks for the help!

2 comments
  • The error being displayed indicates that your certificate does not match the key on your droplet. Was the certificate generated using a CSR you created on this droplet?

  • Do DigitalOcean LAMP servers come with a key preinstalled? I generated it by entering the fields Country, State, City, ...

    and even if these commands return the same value does it mean that?

    openssl x509 -noout -modulus -in /etc/ssl/private/fertonacom.crt | openssl md5
    openssl rsa -noout -modulus -in /etc/ssl/private/fertona.key | openssl md5
    
1 Answer

Sorry to see that your question hasn't received an answer yet. Unfortunately, after this much time, it is unlikely that an answer for this specific question will be provided. For people still landing here via search, check out this tutorial. It covers installing commercial SSL certificates on both Apache and Nginx:

This tutorial will show you how to acquire and install an SSL certificate from a trusted, commercial Certificate Authority (CA). SSL certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. The...
Have another answer? Share your knowledge.