December 3, 2014

I'm trying to install a Comodo SSL certificate on my site, and after I changed the default-ssl.conf file, Apache fails to start.

Here's my default-ssl.conf file:

<IfModule mod_ssl.c>
  <VirtualHost *:443>

        ServerAdmin admin@site.com
        ServerName site.com
        ServerAlias www.site.com
        DocumentRoot /var/www/html/site/public
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateKeyFile /etc/ssl/private/site.key
        SSLCertificateFile /etc/ssl/private/site_com.crt
        SSLCertificateChainFile /etc/ssl/private/site.ca-bundle

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory "/var/www/html/site/public">
                AllowOverride all
                Require all granted
                Options Indexes FollowSymLinks MultiViews
                Order allow,deny
                allow from all
        </Directory>

        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

  </VirtualHost>
</IfModule>

I ran the two hash checks and they are both the same value:

openssl x509 -noout -modulus -in /etc/ssl/private/fertona_com.crt | openssl md5
openssl rsa -noout -modulus -in /etc/ssl/private/fertona.key | openssl md5

My Apache error log shows the following errors:

[Tue Dec 02 23:30:26.324586 2014] [ssl:emerg] [pid 3875] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Tue Dec 02 23:30:26.324596 2014] [ssl:emerg] [pid 3875] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Tue Dec 02 23:32:59.190380 2014] [ssl:emerg] [pid 3959] AH02238: Unable to configure RSA server private key

And finally, the order of my Comodo Certificates (in my site.ca-bundle file) is like so:

This is my first time installing an SSL certificate and I really have no idea what the issue is. Thanks for the help!

  • The error being displayed indicates that your certificate does not match the key on your droplet. Was the certificate generated using a CSR you created on this droplet?

  • Do DigitalOcean LAMP servers come with a key preinstalled? I generated it by entering the fields Country, State, City, ...

    and even if these commands return the same value does it mean that?

    openssl x509 -noout -modulus -in /etc/ssl/private/fertonacom.crt | openssl md5
    openssl rsa -noout -modulus -in /etc/ssl/private/fertona.key | openssl md5
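
Added example, not part of the original thread: a shell check that reads the SSLCertificateFile and SSLCertificateKeyFile paths out of the vhost file itself and compares the public keys, so the comparison runs on exactly the files the configuration names. It goes beyond the RSA modulus check by comparing whole public keys, which also covers EC keys; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh check_keypair.sh <vhost.conf>
# Function names are hypothetical; only standard openssl subcommands are used.

# Print the first argument of an Apache directive, skipping commented lines.
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) {
        v = $2; gsub(/"/, "", v); print v; exit }' "$2"
}

# Return 0 if the configured certificate and key share a public key,
# 1 on mismatch, 2 if a directive or file cannot be read.
check_vhost_keypair() {
    kp_cert=$(directive_value SSLCertificateFile "$1")
    kp_key=$(directive_value SSLCertificateKeyFile "$1")
    if [ -z "$kp_cert" ] || [ -z "$kp_key" ]; then
        echo "no SSLCertificateFile/SSLCertificateKeyFile in $1" >&2
        return 2
    fi
    # x509 reads only the first PEM block in the file; that block
    # must be the server certificate, not a CA certificate.
    kp_a=$(openssl x509 -in "$kp_cert" -noout -pubkey 2>/dev/null)
    kp_b=$(openssl pkey -in "$kp_key" -pubout 2>/dev/null)
    if [ -z "$kp_a" ] || [ -z "$kp_b" ]; then
        echo "cannot parse $kp_cert or $kp_key" >&2
        return 2
    fi
    if [ "$kp_a" = "$kp_b" ]; then
        echo "MATCH: $kp_cert <-> $kp_key"
        return 0
    fi
    echo "MISMATCH: $kp_cert <-> $kp_key"
    return 1
}

if [ "$#" -gt 0 ]; then
    check_vhost_keypair "$1"
fi
```

An exit status of 1 corresponds to the condition behind the `X509_check_private_key:key values mismatch` line in the error log.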
