Apache SSL error: Private key not found

Solution 1:

WARNING: Do not ever post your private key on the internet. Do not even copy it to another computer, workstation etc. It must be kept as private as possible.

SSLCertificateKeyFile requires a Private Key. This key is usually generated before the CSR or at the same time. Search for a file that starts with a line containing: BEGIN PRIVATE KEY

A CSR (certificate signing request) is required only when you ask to sign the certificate. After that you can discard it.

If you lost the Private Key you will need to generate a new Private Key, then generate a new CSR and ask the CA (certificate authority) to sign the CSR again.

Solution 2:

Here is the problem:

    SSLCertificateKeyFile   /etc/apache2/ssl/domain.csr

You put your certificate signing request (CSR) file here by mistake. You should put there the private key file you used to generate the CSR instead. That private key file should not be password-protected, otherwise you would need to type a password every time you (re-)start Apache.

For the benefit of generations to come, here is a short summary of how to generate CSRs with OpenSSL (a good tutorial is available from the Ubuntu documentation):

1) Generate the server key:

    openssl genrsa -des3 -out server.key 2048

This requires you to specify a password.

2) Make a password-less private key; enter the password you used above when prompted:

    openssl rsa -in server.key -out server.key.insecure
    mv server.key server.key.SECURE
    mv server.key.insecure server.key

3) Generate the CSR with your password-less private key:

    openssl req -new -key server.key -out mydomain.org.csr

where "mydomain.org" could be your domain. You have to answer a few questions interactively. Once you're done, you send the mydomain.org.csr file to your certificate authority. You will get back either a *.crt file or a *.pem file. Let's assume they gave you mydomain.org.crt. Install it as your cert and the passwordless key file as your key (the locations are valid for Ubuntu 14.04, they might be somewhere else on other systems, check the Apache2 docs):

    sudo cp mydomain.org.crt /etc/ssl/certs
    sudo cp server.key /etc/ssl/private/mydomain.org.key

And finally edit the Apache2 config (could be default-ssl.conf):

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/mydomain.org.crt
    SSLCertificateKeyFile   /etc/ssl/private/mydomain.org.key

Hope this helps.

Solution 3:

I know someone has already answered this question, but I wanted to let others know what happened to me when I got this error.

In my case, I mistakenly had SSLCertificateFile instead of SSLCertificateChainFile for my cert bundle. This error kept appearing and was throwing me for a loop. I kept thinking my private key was wrong.
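
Added example (not part of any answer above): a POSIX shell check for the mix-ups described in Solutions 1 and 2, reporting when SSLCertificateKeyFile points at a CSR or a passphrase-protected key instead of a plain private key. The function names `pem_kind`, `check_apache_ssl` and `demo` are hypothetical; the check looks only at the PEM BEGIN line, assumes absolute paths without spaces, and does not verify that the key belongs to the certificate.

```shell
# Classify a PEM file by its first BEGIN line. Prints one of:
# private-key, encrypted-private-key, csr, certificate, unknown
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    case "$label" in
        "ENCRYPTED PRIVATE KEY") echo encrypted-private-key ;;
        "PRIVATE KEY"|"RSA PRIVATE KEY"|"EC PRIVATE KEY")
            # Traditional-format keys flag passphrase protection in a header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted-private-key
            else echo private-key; fi ;;
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
        "CERTIFICATE") echo certificate ;;
        *) echo unknown ;;
    esac
}

# Report what SSLCertificateFile / SSLCertificateKeyFile point at in one config file.
# One line per finding; returns 1 if any. Assumes absolute paths without spaces.
check_apache_ssl() {
    rc=0
    pairs=$(awk '{ d = tolower($1); gsub(/"/, "", $2) }
        d == "sslcertificatefile"    { print "SSLCertificateFile", $2 }
        d == "sslcertificatekeyfile" { print "SSLCertificateKeyFile", $2 }' "$1")
    while read -r directive path; do
        [ -n "$directive" ] || continue
        kind=$(pem_kind "$path")
        case "$directive:$kind" in
            SSLCertificateFile:certificate|SSLCertificateKeyFile:private-key) ;;
            SSLCertificateKeyFile:encrypted-private-key)
                echo "$directive $path: passphrase-protected key"; rc=1 ;;
            SSLCertificateKeyFile:*)
                echo "$directive $path: expected private-key, found $kind"; rc=1 ;;
            *)  echo "$directive $path: expected certificate, found $kind"; rc=1 ;;
        esac
    done <<EOF
$pairs
EOF
    return $rc
}

# Constructed demo: the mistake from Solution 2, a CSR configured as the key file.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'AAAA' \
        '-----END CERTIFICATE REQUEST-----' > "$d/domain.csr"
    printf 'SSLCertificateKeyFile   %s\n' "$d/domain.csr" > "$d/site.conf"
    status=0; check_apache_ssl "$d/site.conf" || status=$?
    rm -rf "$d"; return $status
}
```

Source the file and run `check_apache_ssl` against a site config such as default-ssl.conf; run it with enough privilege to read the key file, since an unreadable file is reported as `unknown`.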