Apache SSL error: Private key not found
Solution 1:
WARNING: Do not ever post your private key on the internet. Do not even copy it to another computer, workstation etc. It must be kept as private as possible.
SSLCertificateKeyFile requires a Private Key. This key is usually generated before the CSR or at the same time. Search for a file that starts with a line containing: BEGIN PRIVATE KEY
The CSR (certificate signing request) is required only when you ask to sign the certificate. After that you can discard it.
If you lost the Private Key you will need to generate a new Private Key, then generate a new CSR and ask the CA (certificate authority) to sign the CSR again.
Solution 2:
Here is the problem:
SSLCertificateKeyFile /etc/apache2/ssl/domain.csr
You put your certificate signing request (CSR) file here by mistake. You should put there the private key file you used to generate the CSR instead. That private key file should not be password-protected, otherwise you would need to type a password every time you (re-)start Apache.
For the benefit of generations to come, here is a short summary of how to generate CSR-s with OpenSSL (a good tutorial is available from the Ubuntu documentation):
1) Generate the server key:
openssl genrsa -des3 -out server.key 2048
This requires you to specify a password.
2) Making a password-less private key, enter the password you used above when prompted:
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.SECURE
mv server.key.insecure server.key
3) Generate the CSR with your password-less private key:
openssl req -new -key server.key -out mydomain.org.csr
where "mydomain.org" could be your domain. You have to answer a few questions interactively. Once you're done, you send the mydomain.org.csr file to your certificate authority. You will get back either a *.crt file or a *.pem file. Let's assume they gave you mydomain.org.crt. Install it as your cert and the passwordless key file as your key (the locations are valid for Ubuntu 14.04, they might be somewhere else on other systems, check the Apache2 docs):
sudo cp mydomain.org.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private/mydomain.org.key
And finally edit the Apache2 config (could be default-ssl.conf):
SSLEngine on
SSLCertificateFile /etc/ssl/certs/mydomain.org.crt
SSLCertificateKeyFile /etc/ssl/private/mydomain.org.key
Hope this helps.
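Added example (not part of the answers above): a shell check for the mistake described in Solutions 1 and 2, which reads the first BEGIN line of each file named by SSLCertificateKeyFile and reports whether it is a private key, a passphrase-protected key, a CSR or a certificate. The function names and the sample files are constructed for illustration; it assumes unquoted absolute paths without spaces in the config.

```shell
#!/bin/sh
# pem_kind FILE: print private-key, encrypted-private-key, csr,
# certificate, unknown or missing, based on the first PEM BEGIN line.
pem_kind() {
    [ -r "$1" ] || { echo missing; return; }
    header=$(sed -n '/^-----BEGIN /{p;q;}' "$1")
    case $header in
        *'BEGIN ENCRYPTED PRIVATE KEY'*) echo encrypted-private-key ;;
        *'PRIVATE KEY'*)
            # Traditional-format keys flag passphrase protection in a header line
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo encrypted-private-key
            else
                echo private-key
            fi ;;
        *'CERTIFICATE REQUEST'*) echo csr ;;   # must precede the certificate test
        *'BEGIN CERTIFICATE'*) echo certificate ;;
        *) echo unknown ;;
    esac
}

# audit_keyfiles CONF: print "<path>: <kind>" for every active
# SSLCertificateKeyFile directive; non-zero status if any target is not a key.
audit_keyfiles() {
    status=0
    # Commented-out directives have "#" in $1 and are skipped
    for path in $(awk 'tolower($1) == "sslcertificatekeyfile" { print $2 }' "$1"); do
        kind=$(pem_kind "$path")
        echo "$path: $kind"
        case $kind in *private-key) ;; *) status=1 ;; esac
    done
    return $status
}

# make_samples DIR: constructed files with placeholder bodies (not real keys)
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'AAAA' \
        '-----END CERTIFICATE REQUEST-----' > "$1/domain.csr"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' \
        '-----END PRIVATE KEY-----' > "$1/server.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key.SECURE"
    printf '%s\n' "SSLCertificateKeyFile $1/domain.csr" \
        "# SSLCertificateKeyFile $1/server.key.SECURE" \
        "SSLCertificateKeyFile $1/server.key" > "$1/ssl.conf"
}

# Demo: the CSR entry is reported as "csr" and makes the audit fail
dir=$(mktemp -d) && make_samples "$dir" && audit_keyfiles "$dir/ssl.conf"; rm -rf "$dir"
```

A result of encrypted-private-key means Apache will ask for the passphrase at start-up, as Solution 2 notes.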
Solution 3:
I know someone has already answered this question, but I wanted to let others know what happened to me when I got this error.
In my case, I mistakenly had SSLCertificateFile instead of SSLCertificateChainFile for my cert bundle. This error kept appearing and was throwing me for a loop. I kept thinking my private key was wrong.