unable to start apache after setting virtual host

Posted March 25, 2016 8.8k views

After setting the virtual host for the SSL i am getting error while starting the apache

  • Restarting web server apache2 Action ‘start’ failed. The Apache error log may have more information.
<VirtualHost *:80>
   Redirect permanent /

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/
    SSLCertificateKeyFile /etc/ssl/private/
    SSLCertificateChainFile /etc/ssl/intermediate.crt

     ServerAdmin webmaster@localhost
     DocumentRoot /var/www/html

     <Directory /var/www/html/ >
           Options Indexes FollowSymLinks MultiViews
           AllowOverride All
           Order allow,deny
            allow from all

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Did you check The Apache error log?

  • [Fri Mar 25 05:55:34.236737 2016] [ssl:warn] [pid 14844] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
    [Fri Mar 25 05:55:34.237146 2016] [ssl:emerg] [pid 14844] AH02238: Unable to configure RSA server private key
    [Fri Mar 25 05:55:34.237188 2016] [ssl:emerg] [pid 14844] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
    [Fri Mar 25 05:55:34.237196 2016] [ssl:emerg] [pid 14844] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
    • As it says, the certificate / key pair you are using does not match.

      • so what should i do. i have followed the proper procedure

        • Paste the output of these commands:

          openssl x509 -in /etc/ssl/certs/ -issuer -noout -subject -dates
          openssl x509 -noout -modulus -in /etc/ssl/certs/ | openssl md5
          openssl rsa -noout -modulus -in /etc/ssl/private/ | openssl md5
          • After trying your code i got this result

            user@bni:~# openssl x509 -in /etc/ssl/certs/ -issuer -noout -subject -dates
            issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
            subject= /OU=Domain Control Validated/OU=PositiveSSL/
            notBefore=Mar 16 00:00:00 2016 GMT
            notAfter=Mar 16 23:59:59 2017 GMT
            user@bni:~# openssl x509 -noout -modulus -in /etc/ssl/certs/ | openssl md5
            (stdin)= b39acf66aeb75b0429e1692d3dbae44a
            user@bni:~# openssl rsa -noout -modulus -in /etc/ssl/private/ | openssl md5
            (stdin)= 1e3267535654dd74865a56ce2f0d82f0

            and still the apache2 is not getting started

        • As you can see, the key does not match the certificate. Use the key you generated alongside the CSR you submitted to Comodo.