SSL Library Error (key values mismatch), but the certificate files DO match

Question

My site (Apache 2.4.6 on CentOS 7) was working fine with SSL until yesterday, but now the apache service fails when I try to restart my server:

$  sudo service httpd restart
$  Enter SSL pass phrase for sitename.com:443 (RSA) : ********
$  Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

Neither of those suggested commands give much info, so by checking the ssl_error_log, I find the following relevant entries:

[ssl:debug] ssl_util_ssl.c(495): AH02412: [sitename.com:443] Cert matches for name 'sitename.com' [ ... (certificate details) ... ]
[ssl:debug] ssl_engine_init.c(984): AH02236: Configuring RSA server private key
[ssl:emerg] AH02238: Unable to configure RSA server private key
[ssl:emerg] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

The last two entries indicate that the key and cert files do not match. The configuration is specified in /etc/httpd/conf.d/sitename.conf :

SSLCertificateKeyFile /etc/pki/tls/private/sitename.com.key
SSLCertificateFile /etc/pki/tls/certs/sitename.com.crt
SSLCertificateChainFile /etc/pki/tls/certs/IntermediateCA.crt

I run the following to look at their modulus, and they do indeed match:

$ openssl x509 -noout -modulus -in /etc/pki/tls/certs/sitename.com.crt | openssl md5
$ openssl rsa -noout -modulus -in /etc/pki/tls/private/sitename.com.key | openssl md5

So it seems like everything should be working, but this is where I am stuck and cannot determine the cause of the error.

Any advice is appreciated. Thank you for your time.

Answer 1

I figured it out. Not sure exactly which package changed from my yum update command, but my guess is that one of them was responsible.

Anyways, I had to remove the password protection from my certificate's private key file:

$  openssl rsa -in [sitename.com.key] -out [sitename.com.key]