RSA certificate configured for SERVER does NOT include an ID which matches the server name

mysql linux apache-2.2 php amazon-ec2

I recently started a LAMP server (all the latest versions) w/ WordPress on it, and I'm trying to install a SSL certificate that I recently purchased. When I restart apachectl, error_log gives me this:

[Tue Feb 25 01:07:14.744222 2014] [mpm_prefork:notice] [pid 1744] AH00169: caught SIGTERM, shutting down
[Tue Feb 25 01:07:17.135704 2014] [suexec:notice] [pid 1765] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Feb 25 01:07:17.217424 2014] [auth_digest:notice] [pid 1766] AH01757: generating secret for digest authentication ...
[Tue Feb 25 01:07:17.218686 2014] [lbmethod_heartbeat:notice] [pid 1766] AH02282: No slotmem from mod_heartmonitor
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib64/php/5.5/modules/mysql.so' - /usr/lib64/php/5.5/modules/mysql.so: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib64/php/5.5/modules/mysqli.so' - /usr/lib64/php/5.5/modules/mysqli.so: cannot open shared object file: No such file or directory in Unknown on line 0
[Tue Feb 25 01:07:17.305292 2014] [mpm_prefork:notice] [pid 1766] AH00163: Apache/2.4.6 (Amazon) OpenSSL/1.0.1e-fips PHP/5.5.7 configured -- resuming normal operations
[Tue Feb 25 01:07:17.305378 2014] [core:notice] [pid 1766] AH00094: Command line: '/usr/sbin/httpd'

While ssl_error_log gives me this:

[Tue Feb 25 00:57:15.802287 2014] [ssl:warn] [pid 1705] AH01909: RSA certificate configured for ec2-XX-XXX-XXX-XX.compute-1.amazonaws.com:443 does NOT include an ID which matches the server name
[Tue Feb 25 00:57:15.899327 2014] [ssl:warn] [pid 1706] AH01909: RSA certificate configured for ec2-XX-XXX-XXX-XX.compute-1.amazonaws.com:443 does NOT include an ID which matches the server name

I changed "ServerName" in ssl.conf to my server's name (dcturano.com) and restarted apachectl, yet this error occurs. Any ideas why?

As an aside, I haven't set the CommonName of the server, could that be the issue?


openssl x509 -in server.crt -noout -subject

Should return the CN the of the certificate. That's the name you have to use in the ServerName directive and to connect to.


I had the same issue but it was because of another reason. I post it here for future googlers:

on my apache2 config file, instead of having <VirtualHost *:443>, I had <VirtualHost *:80>. As soon as I fixed that, the site was back up and running.


Alternatively, if, like me, you aren't even using ssl, you will still get this error message because using ssl is turned on by default. In that case, turn it off! Here's an excerpt from config.d/ssl.conf:

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
#SSLEngine on
SSLEngine off

I triggered this issue through my /etc/hosts file.

I had a virtualhost, let's call it www.effinwhatever.com

The server's hostname was www2.

I added a line to my /etc/hosts so I could curl stuff against the virtual host:

192.168.1.200         www.effinwhatever.com

As soon as I removed that line from my /etc/hosts, my Apache server started serving up normally again (with a restart of the service). Weird.

It may also be relevant that my SSL cert is for a wildcard domain.

Related

Windows serial console
The strange case of Mr. Time To First Byte
choosing the right SSL certificate
How practical is it to authenticate a Linux server against AD?
number of nginx worker processes
What are the IUSR and IWAM accounts for in IIS?
Trying to get SSH with public key (no password) + google authenticator working on Ubuntu 14.04.1
How to display interface in tcpdump output flow?
Alternative Remote Desktop Software
What kinds of security vulnerabilities does providing DNSSEC expose?
Nginx set_real_ip_from AWS ELB load balancer address
How to prevent ntpd to listen on 0.0.0.0:123?