RSA certificate configured for SERVER does NOT include an ID which matches the server name
I recently started a LAMP server (all the latest versions) w/ WordPress on it, and I'm trying to install an SSL certificate that I recently purchased. When I restart apachectl, error_log gives me this:
[Tue Feb 25 01:07:14.744222 2014] [mpm_prefork:notice] [pid 1744] AH00169: caught SIGTERM, shutting down
[Tue Feb 25 01:07:17.135704 2014] [suexec:notice] [pid 1765] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Feb 25 01:07:17.217424 2014] [auth_digest:notice] [pid 1766] AH01757: generating secret for digest authentication ...
[Tue Feb 25 01:07:17.218686 2014] [lbmethod_heartbeat:notice] [pid 1766] AH02282: No slotmem from mod_heartmonitor
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/5.5/modules/mysql.so' - /usr/lib64/php/5.5/modules/mysql.so: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/5.5/modules/mysqli.so' - /usr/lib64/php/5.5/modules/mysqli.so: cannot open shared object file: No such file or directory in Unknown on line 0
[Tue Feb 25 01:07:17.305292 2014] [mpm_prefork:notice] [pid 1766] AH00163: Apache/2.4.6 (Amazon) OpenSSL/1.0.1e-fips PHP/5.5.7 configured -- resuming normal operations
[Tue Feb 25 01:07:17.305378 2014] [core:notice] [pid 1766] AH00094: Command line: '/usr/sbin/httpd'
While ssl_error_log gives me this:
[Tue Feb 25 00:57:15.802287 2014] [ssl:warn] [pid 1705] AH01909: RSA certificate configured for ec2-XX-XXX-XXX-XX.compute-1.amazonaws.com:443 does NOT include an ID which matches the server name
[Tue Feb 25 00:57:15.899327 2014] [ssl:warn] [pid 1706] AH01909: RSA certificate configured for ec2-XX-XXX-XXX-XX.compute-1.amazonaws.com:443 does NOT include an ID which matches the server name
I changed "ServerName" in ssl.conf to my server's name (dcturano.com) and restarted apachectl, yet this error occurs. Any ideas why?
As an aside, I haven't set the CommonName of the server, could that be the issue?
openssl x509 -in server.crt -noout -subject
Should return the CN of the certificate. That's the name you have to use in the ServerName directive and to connect to.
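An added example, not part of the answer above and not mod_ssl's code: it parses the text printed by openssl for a certificate, collects the subject CN and any subjectAltName DNS entries, and tests them against a ServerName with an approximation of the match behind AH01909 (case-insensitive exact match, or a `*.` wildcard as the left-most label). The sample output and the example.test names are constructed, the function names are hypothetical, and the `-ext subjectAltName` option assumes OpenSSL 1.1.1 or later.

```python
import re

# Constructed sample of `openssl x509 -in server.crt -noout -subject -ext subjectAltName`
# output (OpenSSL 1.1.1+ layout); the example.test names are placeholders.
SAMPLE = """\
subject=C = US, O = Example Org, CN = *.example.test
X509v3 Subject Alternative Name:
    DNS:*.example.test
"""

def cert_ids(openssl_text):
    """Collect the subject CN and every SAN DNS entry, in order, without duplicates."""
    ids = []
    for line in openssl_text.splitlines():
        line = line.strip()
        if line.lower().startswith("subject"):
            # Accepts "CN = name" (newer OpenSSL) and "/CN=name" (1.0.x) layouts.
            found = re.findall(r"\bCN\s*=\s*([^,/]+)", line)
        else:
            found = re.findall(r"DNS:([^,\s]+)", line)
        for name in found:
            name = name.strip()
            if name not in ids:
                ids.append(name)
    return ids

def id_matches(cert_id, server_name):
    """Case-insensitive exact match, or a '*.' wildcard covering exactly one label."""
    cert_id = cert_id.lower().rstrip(".")
    server_name = server_name.lower().rstrip(".")
    if cert_id == server_name:
        return True
    if cert_id.startswith("*."):
        # "*.example.test" covers "www.example.test" but not "example.test".
        head, dot, rest = server_name.partition(".")
        return bool(head) and dot == "." and rest == cert_id[2:]
    return False

def check_server_name(openssl_text, server_name):
    """Return (matched, ids): whether any certificate ID covers the ServerName."""
    ids = cert_ids(openssl_text)
    return any(id_matches(i, server_name) for i in ids), ids

if __name__ == "__main__":
    for name in ("www.example.test", "example.test",
                 "ec2-XX-XXX-XXX-XX.compute-1.amazonaws.com"):
        ok, ids = check_server_name(SAMPLE, name)
        print(f"ServerName {name}: {'match' if ok else 'no match'} against {ids}")
```

Replace SAMPLE with the real openssl output for your certificate and pass the ServerName from the SSL virtual host.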
I had the same issue but it was because of another reason. I post it here for future googlers:
In my apache2 config file, instead of having <VirtualHost *:443>, I had <VirtualHost *:80>. As soon as I fixed that, the site was back up and running.
Alternatively, if, like me, you aren't even using ssl, you will still get this error message because using ssl is turned on by default. In that case, turn it off! Here's an excerpt from config.d/ssl.conf:
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
#SSLEngine on
SSLEngine off
I triggered this issue through my /etc/hosts file.
I had a virtualhost, let's call it www.effinwhatever.com
The server's hostname was www2.
I added a line to my /etc/hosts so I could curl stuff against the virtual host:
192.168.1.200 www.effinwhatever.com
As soon as I removed that line from my /etc/hosts, my Apache server started serving up normally again (with a restart of the service). Weird.
It may also be relevant that my SSL cert is for a wildcard domain.