TurnKey Linux Virtual Appliance Library

LAMP appl.: Apache fails to start when changing certificate

Hello to everybody!

I'd need some help with my freshly installed Turnkey LAMP Appliance.

I need to use the server for just one single website which will need SSL to go (https://www.mywebsite.com).

The problem is that when we ask Linux to generate the CSR by command line, then Apache fails to start. It gives no specific errors, it just refuses to start.

If I do the same from Webmin, everything works fine. The onyl problem is that when we use the CSR to buy the real certificate (GeoTrust) it won't let us buy it because the CSR is not valid (it contains nothing).

Where's the problem? Where do we go wrong?

 

Thank you all,

best regards!

Alon Swartz's picture

This should help...

I discussed SSL certificates in this blog post, take a look...

Thank you!

Thank you!

I'll have a look, I'll let you know...

 

Thank you,

best regards!


no way :(

Sorry man, but I'm still unable to generate a proper CSR. I mean, if I follow the instructions in the post you mentioned, I can't find any way to make Apache start.

Any idea..?


Jeremy's picture

Have you checked the Apache error log?

From memory you'll find it here: /var/log/apache2/error.log

maybe these lines?

Maybe these lines can explain what's going on?

 

[Mon Oct 17 13:06:58 2011] [error] Init: Unable to read server certificate from file /etc/ssl/certs/provablueday.pem
[Mon Oct 17 13:06:58 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 17 13:06:58 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Oct 17 13:06:59 2011] [error] Init: Unable to read server certificate from file /etc/ssl/certs/provablueday.pem
[Mon Oct 17 13:06:59 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 17 13:06:59 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Oct 17 13:14:43 2011] [error] Init: Unable to read server certificate from file /etc/ssl/certs/provablueday.pem
[Mon Oct 17 13:14:43 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 17 13:14:43 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Oct 17 13:15:32 2011] [error] Init: Unable to read server certificate from file /etc/ssl/certs/provablueday.pem
[Mon Oct 17 13:15:32 2011] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 17 13:15:32 2011] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Oct 17 13:16:38 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Oct 17 13:16:38 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)


Jeremy's picture

Google found this...

Perhaps this may help?

Hello! Thank you, we fixed

Hello!

Thank you, we fixed the issue following again the instructions of your post from a clean new VM.

 

Thanks!


THE ANSWER !!! :)

 

Apache is looking for another certificate - different file name ...see this:  
 
http://www.youtube.com/watch?v=_Kyi6LjgqLY

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)