[solved]Unable to install new SSL certificate for Apache

[roarkh]

Hi everyone,

I have a Gentoo server running Apache2 with a working GoDaddy SSL certificate that is about to expire next week. Instead of trying to renew the certificate I decided I would just purchase a new certificate and set that up using the documentation I made when I set up the original certificate.

I ran the following command to create the certificate signing request (I have replaced our actual domain name with 'mydomain')...

Code: Select all

openssl req -new -newkey rsa:2048 -nodes -keyout webservices.mydomain.org.key -out webservices.mydomain.org.csr

I answered all of the questions the same as before and webservices.mydomain.org.csr was created which I supplied to GoDaddy and the new certificate was generated which I downloaded.

Then, I placed the new .crt file I received from GoDaddy into /etc/ssl/apache2, and replaced the gd_bundle-g2-g1.crt and webservices.mydomain.org.key files in there as well with the new ones. After that I edited /etc/apache2/vhosts.d/00_default_ssl_vhost.conf, the only file name that changed was the file pointing to the new certificate so I went ahead and updated that but after doing so Apache will not restart, I am presented with the following errors in the ssl error log file...

Code: Select all

[Tue Jul 21 11:27:11 2015] [error] Init: Private key not found
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Jul 21 11:27:11 2015] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

The first error says "Private key not found" but I am positive that the configuration file is pointing to the right file.

Can anyone tell me what I might be doing wrong here? I would really appreciate any guidance as I am really stumped. I will admit this is the first time I have tried replacing an existing certificate with a new one in Gentoo so perhaps that has something to do with my confusion.

[roarkh]

I decided to just start over with another new certificate request and this time Apache restarted and recognized the new certificate just fine. I must have made a mistake somewhere the first time but am not sure what I did wrong. In any case this is solved now.