I am trying to add SSL certificates from Comodo Security Services on an Apache/2.4.10 (Debian) OpenSSL/1.0.1k server.
For configuration:
SSLEngine on
SSLCertificateKeyFile /etc/ssl/24-06-2016/private.key
SSLCertificateFile /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
SSLCertificateChainFile /etc/ssl/24-06-2016/intermediate.crt
I've got an error after Apache2 restart:
[Thu Jun 30 07:39:20.895631 2016] [ssl:emerg] [pid 4614] AH02561: Failed to configure certificate account.veedo.ru:443:0, check /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
[Thu Jun 30 07:39:20.895688 2016] [ssl:emerg] [pid 4614] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
AH00016: Configuration Failed
For configuration:
SSLCertificateKeyFile /etc/ssl/24-06-2016/private.key
SSLCertificateFile /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
SSLCACertificateFile /etc/ssl/24-06-2016/intermediate.crt
The error is:
[Thu Jul 07 18:22:21.423776 2016] [ssl:emerg] [pid 14180] AH02562: Failed to configure certificate account.veedo.ru:443:0 (with chain), check /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
[Thu Jul 07 18:22:21.423826 2016] [ssl:emerg] [pid 14180] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
What is wrong? How can I check my certificates? Please help!
The seller wrote me that there was an extra line feed symbol in the certificate. It is fixed now and works correctly.
There is a line at the end of the crt file that should be removed, just before ---- end ...
Really annoying.
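A structural check for the fault reported in the answers above (a stray line feed or extra line inside the certificate's PEM block), as an added example that is not part of the original thread. The function name pem_lint is hypothetical; it is meant for certificate files such as the .crt and intermediate.crt above and inspects only the file's layout, without decoding it.

```shell
#!/bin/sh
# Added example. pem_lint is a hypothetical helper name, not an OpenSSL or Apache tool.
# Usage: pem_lint /path/to/certificate.crt
# Prints one line per structural problem; returns 0 if clean, 1 if not, 2 if unreadable.
pem_lint() {
    [ -r "$1" ] || { echo "cannot read: $1"; return 2; }
    awk '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad++ }
        { if (sub(/\r$/, "")) cr++ }          # strip and count CR from CRLF endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (inside) report("BEGIN while previous block is still open")
            inside = 1; blocks++
            want = $0; sub(/BEGIN/, "END", want)   # the END line this block must close with
            next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (!inside) report("END without a matching BEGIN")
            else if ($0 != want) report("END label differs from BEGIN label")
            inside = 0
            next
        }
        inside && $0 == ""                  { report("blank line inside PEM body"); next }
        inside && $0 !~ "^[A-Za-z0-9+/=]+$" { report("non-base64 characters in PEM body"); next }
        inside && length($0) > 64           { report("body line longer than 64 characters") }
        !inside && /-----/                  { report("malformed BEGIN/END marker") }
        END {
            if (inside)  { print "end of file: missing END line"; bad++ }
            if (!blocks) { print "no PEM block found"; bad++ }
            if (cr)      { printf "note: %d line(s) end in CR (CRLF file)\n", cr }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}
```

A file that passes this check can still fail to decode; `openssl x509 -in FILE -noout -subject` is the follow-up test for that.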
I have just downloaded an SSL certificate from cheapsslsecurity, but Apache is giving above errors.
[Sun Jul 17 15:30:01.256726 2022] [ssl:emerg] [pid 3640] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Sun Jul 17 15:30:01.256729 2022] [ssl:emerg] [pid 3640] AH02312: Fatal error initialising mod_ssl, exiting.
[Sun Jul 17 16:00:01.434769 2022] [suexec:notice] [pid 3698] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Jul 17 16:00:01.439767 2022] [ssl:emerg] [pid 3698] AH02238: Unable to configure RSA server private key
[Sun Jul 17 16:00:01.439859 2022] [ssl:emerg] [pid 3698] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Sun Jul 17 16:00:01.439862 2022] [ssl:emerg] [pid 3698] AH02312: Fatal error initialising mod_ssl, exiting.
Things I tried
Checked private key and certificate key and they are matching
In SSL certificate entered the path for crt file. Private key entered the private key file. In SSLCACertificateFile entered the bundle path provided by the site.
Removed spaces from private key
Encoding of private key file is UTF-8 and also tried changing .txt to .key
Checked validity of certificate and it is of next year
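One way to test the condition behind the "X509_check_private_key:key values mismatch" error in the log above, as an added example that is not part of the original question. The function names are hypothetical; it assumes the openssl command-line tool is installed and the private keys are not passphrase-protected.

```shell
#!/bin/sh
# Added example. cert_key_match and find_key_for_cert are hypothetical helper names.
# Assumes the openssl CLI is on PATH and the private keys are not passphrase-protected.

# cert_key_match CERT KEY
# Compares the public key embedded in the certificate with the one derived from
# the private key. Returns 0 on match, 1 on mismatch, 2 if a file cannot be parsed.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate: $1"; return 2; }
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ||
        { echo "cannot parse private key: $2"; return 2; }
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "match: $2 belongs to $1"
        return 0
    fi
    echo "MISMATCH: $2 is not the key for $1"
    return 1
}

# find_key_for_cert CERT DIR
# After a mismatch, look through DIR/*.key for the key that does pair with CERT.
find_key_for_cert() {
    for candidate in "$2"/*.key; do
        [ -f "$candidate" ] || continue
        if cert_key_match "$1" "$candidate" >/dev/null; then
            echo "$candidate"
            return 0
        fi
    done
    return 1
}
```

When the certificate file holds several certificates, openssl x509 reads only the first one, so the comparison is made against whichever certificate comes first in the file.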
I want to put an SSL certificate which was generated today on a website but it doesn't work. The secured page is not loading, but the insecure one works. This is my conf:
<VirtualHost *:80>
ServerName example.com
ServerAdmin example@gmail.com
ServerAlias www.example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/example-error.log
CustomLog /var/log/example-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAdmin example@gmail.com
ServerAlias www.example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /root/certs/example.crt
SSLCertificateKeyFile /root/XXX.key
SSLCertificateChainFile /root/certs/example.crt
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel debug
</VirtualHost>
It is weird that I don't have errors in ssl_error_log:
[Fri Apr 02 22:33:55.266922 2021] [ssl:info] [pid 12429] AH02200: Loading certificate & private key of SSL-aware server 'example.com:443'
[Fri Apr 02 22:33:55.267378 2021] [ssl:debug] [pid 12429] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Fri Apr 02 22:33:55.267430 2021] [ssl:info] [pid 12429] AH01914: Configuring server example.com:443 for SSL protocol
[Fri Apr 02 22:33:55.267738 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate)
[Fri Apr 02 22:33:55.267751 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling
[Fri Apr 02 22:33:55.267762 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate
[Fri Apr 02 22:33:55.267939 2021] [ssl:debug] [pid 12429] ssl_util_ssl.c(508): AH02412: [example.com:443] Cert matches for name 'example.com' [subject: CN=example.com / issuer: CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US / serial: example / notbefore: Apr 2 00:00:00 2021 GMT / notafter: May 3 23:59:59 2022 GMT]
[Fri Apr 02 22:33:55.267957 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(988): AH02236: Configuring RSA server private key
[Fri Apr 02 22:33:55.310426 2021] [ssl:info] [pid 12429] AH02200: Loading certificate & private key of SSL-aware server 'example.com:443'
[Fri Apr 02 22:33:55.310726 2021] [ssl:debug] [pid 12429] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Fri Apr 02 22:33:55.310770 2021] [ssl:info] [pid 12429] AH01914: Configuring server example.com:443 for SSL protocol
[Fri Apr 02 22:33:55.310983 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate)
[Fri Apr 02 22:33:55.310994 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling
[Fri Apr 02 22:33:55.311002 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate
[Fri Apr 02 22:33:55.311108 2021] [ssl:debug] [pid 12429] ssl_util_ssl.c(508): AH02412: [example.com:443] Cert matches for name 'example.com' [subject: CN=example.com / issuer: CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US / serial: XXX / notbefore: Apr 2 00:00:00 2021 GMT / notafter: May 3 23:59:59 2022 GMT]
[Fri Apr 02 22:33:55.311117 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(988): AH02236: Configuring RSA server private key
[root@vps httpd]# curl https://xxx.com
curl: (7) Failed connect to xxx.com:443; Connection refused
The port is open in the firewall.
Any idea?
Other than what Ryan wrote, which is absolutely correct, you should fix (or remove)
SSLCertificateChainFile /root/certs/example.crt
If you want to fix it, you shouldn't use the certificate here but the chain which means the certificate used to sign your csr. The chain may or may not include the root: I personally never include the root.
On a side note, I suggest you move certificates outside the root home directory: you can create a sub-folder in the Apache root directory (/etc/{apache2,httpd}/certs), for example.
My company has just provided us SSL certificates that I had to attempt to install and configure using Apache2.4 on a Windows Server 2019.
I created a folder called "certs" within the conf folder on Apache24.
Within the certs folder, I have the following certs:
MYCOMPANY_Intermediate.cer
MYCOMPANY_Root.cer
mycompany_name_com.cer
private.cer
private.key
I have updated the httpd-ssl.conf file to include the certs, as follows:
<VirtualHost _default_:443>
DocumentRoot "D:/htdocs"
ServerName mycompany.name.com:443
ServerAdmin mycompany@email.com
ErrorLog "${SRVROOT}/logs/error-ssl.log"
TransferLog "${SRVROOT}/logs/access-ssl.log"
# SSL Engine Switch:
SSLEngine on
# Server Certificate:
SSLCertificateFile "${SRVROOT}/conf/certs/mycompany_name_com.cer"
# Server Private Key:
SSLCertificateKeyFile "${SRVROOT}/conf/certs/private.key"
# Server Certificate Chain:
SSLCertificateChainFile "${SRVROOT}/conf/certs/MYCOMPANY_Intermediate.cer"
</VirtualHost>
Back in the httpd.conf file, when I include the following:
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
Apache fails to restart.
Within the error log, the only thing noticeable that I am finding is maybe this:
[Sat Jan 23 10:56:32.453519 2021] [mpm_winnt:notice] [pid 8552:tid 772] AH00455: Apache/2.4.46 (Win64) mod_authnz_sspi/0.1.1 OpenSSL/1.1.1h PHP/7.4.12 configured -- resuming normal operations
[Sat Jan 23 10:56:32.453519 2021] [mpm_winnt:notice] [pid 8552:tid 772] AH00456: Apache Lounge VS16 Server built: Oct 2 2020 11:45:39
[Sat Jan 23 10:56:32.453519 2021] [core:notice] [pid 8552:tid 772] AH00094: Command line: 'C:\\Apache24\\bin\\httpd.exe -d C:/Apache24'
[Sat Jan 23 10:56:32.463520 2021] [mpm_winnt:notice] [pid 8552:tid 772] AH00418: Parent: Created child process 17204
[Sat Jan 23 10:56:33.684738 2021] [ssl:warn] [pid 17204:tid 808] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Sat Jan 23 10:56:33.729741 2021] [mpm_winnt:notice] [pid 17204:tid 808] AH00354: Child: Starting 64 worker threads.
As you will see, there are no errors, just warnings. I do not know why Apache is failing to restart, and I really need to get this to work.
Edit
In the Event Viewer, under Windows Log under System, I see the following error:
The Apache2.4 service terminated with the following service-specific error:
Incorrect function.
I also see an event ID number 7024. I am not sure what that means.
I found my problem...
A typo.
Yup, it was a typo.
In the httpd-ssl.conf file, this part:
# Server Certificate:
SSLCertificateFile "${SRVROOT}/conf/certs/mycompany_name_com.cer"
mycompany_name_com.cer was misspelled.
thecompany_name_com.cer is the correct spelling.
I have set up a new test server and configured the HTTPD conf file as per below:
NameVirtualHost *:443
Listen 443
# URL:y1.y3t.com
<VirtualHost *:443>
ServerAdmin gis@y3t.com
ServerName y1.y3t.com
ServerAlias y1.y3t.com
ProxyTimeout 2700
Timeout 2700
SSLEngine on
# SSLProtocol -SSLv2
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /home/ssl/y3t.com.crt
SSLCertificateKeyFile /home/ssl/y3t.com.key
SSLCertificateChainFile /home/ssl/intermediate.crt
ProxyPass / http://10.0.0.2/
ProxyPassReverse / http://10.0.0.2/
ErrorLog /appl/httpd/logs/y1.y3t.com-error_log
CustomLog /appl/httpd/logs/y1.y3t.com-access_log common
</VirtualHost>
However, there seem to be some errors as per the httpd error_log.
Error Message:
[root@sgdc-pvl-web03 ~]# tail -f /var/log/httpd/error_log
[Tue Dec 13 16:22:47 2016] [notice] Digest: generating secret for digest authentication ...
[Tue Dec 13 16:22:47 2016] [notice] Digest: done
[Tue Dec 13 16:22:47 2016] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue Dec 13 16:22:47 2016] [notice] SSL FIPS mode disabled
[Tue Dec 13 16:22:47 2016] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
[Tue Dec 13 16:27:21 2016] [notice] caught SIGTERM, shutting down
[Tue Dec 13 16:27:22 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Dec 13 16:27:22 2016] [notice] SSL FIPS mode disabled
[Tue Dec 13 16:31:13 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Dec 13 16:31:13 2016] [notice] SSL FIPS mode disabled
[Tue Dec 13 16:32:14 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Dec 13 16:32:14 2016] [notice] SSL FIPS mode disabled
Can anyone advise on how I can resolve this? I'm still a newbie on this, really appreciate any help given!
Thanks for your help!
These lines in error_log are only "notice" and are not error messages,
like the information about "SSL FIPS mode" that is disabled (in the last line):
[Tue Dec 13 16:32:14 2016] [notice] SSL FIPS mode disabled
Does your web interface work correctly?
I'm using XAMPP and started Apache but I cannot access my site over HTTPS.
I get the following error:
[Wed Aug 20 08:05:33.208723 2014] [ssl:warn] [pid 3784:tid 256] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Wed Aug 20 08:05:33.746774 2014] [ssl:warn] [pid 3784:tid 256] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Wed Aug 20 08:05:33.825871 2014] [mpm_winnt:notice] [pid 3784:tid 256] AH00455: Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.6 configured -- resuming normal operations
[Wed Aug 20 08:05:33.825871 2014] [mpm_winnt:notice] [pid 3784:tid 256] AH00456: Apache Lounge VC11 Server built: Nov 21 2013 20:13:01
[Wed Aug 20 08:05:33.825871 2014] [core:notice] [pid 3784:tid 256] AH00094: Command line: 'c:\xampp\apache\bin\httpd.exe -d C:/xampp/apache'
[Wed Aug 20 08:05:33.830753 2014] [mpm_winnt:notice] [pid 3784:tid 256] AH00418: Parent: Created child process 4452
[Wed Aug 20 08:05:35.148052 2014] [ssl:warn] [pid 4452:tid 268] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
Below is a snippet from my httpd-ssl.conf file:
# SSL Virtual Host Context
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "C:/xampp/htdocs"
ServerName www.example.com:443
ServerAdmin admin@example.com
ErrorLog "C:/xampp/apache/logs/error.log"
TransferLog "C:/xampp/apache/logs/access.log"
</VirtualHost>
What am I doing wrong and how can I fix it?
[Wed Aug 20 08:05:33.208723 2014] [ssl:warn] [pid 3784:tid 256] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
This means there might be a server name of foo.example.com but the certificate is for bar.example.com only. In that situation, while Apache might try to serve such a certificate, browsers will not accept it when accessing https://foo.example.com, for instance.
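The mismatch this answer describes, checked mechanically (an added example, not part of the original answer): it lists every ServerName and ServerAlias in a virtual host file that none of the certificate's names covers. The function names are hypothetical; the certificate names are passed as arguments (in practice the Subject CN and subjectAltName DNS entries shown by `openssl x509 -noout -text`), and a wildcard is assumed to cover exactly one left-most label.

```shell
#!/bin/sh
# Added example. name_matches, vhost_names and uncovered_names are hypothetical helpers.

# name_matches CERTNAME HOST: returns 0 if a certificate name covers HOST.
# Comparison is case-insensitive; "*.example.com" covers one left-most label only.
name_matches() {
    p=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    h=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$p" = "$h" ] && return 0
    case "$p" in
        '*.'*) case "$h" in
                   *.*) [ "${p#\*}" = ".${h#*.}" ] && return 0 ;;
               esac ;;
    esac
    return 1
}

# vhost_names CONF: ServerName and ServerAlias values with any :port suffix removed.
vhost_names() {
    awk 'tolower($1) == "servername" || tolower($1) == "serveralias" {
             for (i = 2; i <= NF; i++) { n = $i; sub(/:[0-9]+$/, "", n); print n }
         }' "$1" | sort -u
}

# uncovered_names CONF CERTNAME...: print each vhost name no certificate name covers.
uncovered_names() {
    conf=$1; shift
    for host in $(vhost_names "$conf"); do
        covered=no
        for pat in "$@"; do
            if name_matches "$pat" "$host"; then covered=yes; break; fi
        done
        [ "$covered" = yes ] || echo "$host"
    done
}

# Usage: uncovered_names conf/extra/httpd-ssl.conf '*.example.com' example.com
```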
The server name used in Apache (httpd.conf) must be the same as the server name in Apache (httpd-ssl.conf), e.g. if in Apache (httpd.conf) it is ServerName localhost:8080, then in Apache (httpd-ssl.conf) it should be like this: ServerName www.example.com:8080
Try to install newer version not latest version
Backup all databases and code
Uninstall XAMPP
Install newer version
That should be fixed.
https://sourceforge.net/projects/xampp/
In File "httpd-ssl.conf" setting :
SSLEngine on (default)
change Off to SSLEngine setting.