unable to start apache after setting virtual host

March 25, 2016 600 views
Apache DigitalOcean Ubuntu

After setting the virtual host for the SSL i am getting error while starting the apache

  • Restarting web server apache2 Action 'start' failed. The Apache error log may have more information.
<VirtualHost *:80>
   ServerName bnistore.in
   Redirect permanent / https://bnistore.in/

<VirtualHost *:443>
    ServerName bnistore.in
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/bnistore.in.crt
    SSLCertificateKeyFile /etc/ssl/private/bnistore.in.key
    SSLCertificateChainFile /etc/ssl/intermediate.crt

     ServerAdmin webmaster@localhost
     DocumentRoot /var/www/html

     <Directory /var/www/html/ >
           Options Indexes FollowSymLinks MultiViews
           AllowOverride All
           Order allow,deny
            allow from all
1 Answer

Did you check The Apache error log?

  • [Fri Mar 25 05:55:34.236737 2016] [ssl:warn] [pid 14844] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
    [Fri Mar 25 05:55:34.237146 2016] [ssl:emerg] [pid 14844] AH02238: Unable to configure RSA server private key
    [Fri Mar 25 05:55:34.237188 2016] [ssl:emerg] [pid 14844] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
    [Fri Mar 25 05:55:34.237196 2016] [ssl:emerg] [pid 14844] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
    • As it says, the certificate / key pair you are using does not match.

      • so what should i do. i have followed the proper procedure

        • Paste the output of these commands:

          openssl x509 -in /etc/ssl/certs/bnistore.in.crt -issuer -noout -subject -dates
          openssl x509 -noout -modulus -in /etc/ssl/certs/bnistore.in.crt | openssl md5
          openssl rsa -noout -modulus -in /etc/ssl/private/bnistore.in.key | openssl md5
          • After trying your code i got this result

            user@bni:~# openssl x509 -in /etc/ssl/certs/bnistore.in.crt -issuer -noout -subject -dates
            issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
            subject= /OU=Domain Control Validated/OU=PositiveSSL/CN=bnistore.in
            notBefore=Mar 16 00:00:00 2016 GMT
            notAfter=Mar 16 23:59:59 2017 GMT
            user@bni:~# openssl x509 -noout -modulus -in /etc/ssl/certs/bnistore.in.crt | openssl md5
            (stdin)= b39acf66aeb75b0429e1692d3dbae44a
            user@bni:~# openssl rsa -noout -modulus -in /etc/ssl/private/bnistore.in.key | openssl md5
            (stdin)= 1e3267535654dd74865a56ce2f0d82f0

            and still the apache2 is not getting started

        • As you can see, the key does not match the certificate. Use the key you generated alongside the CSR you submitted to Comodo.

Have another answer? Share your knowledge.