Apache2 server down Private key not found
Question
AH02579: Init: Private key not found
I have
- ubuntu
- root
www-data
users
my root and ubuntu can access the key filenano /etc/letsencrypt/live/server.x.com/fullchain.pem
And when i do
sudo service apache2 restart
my website gave 521 and acpache logs show
AH02564: Failed to configure encrypted (?) private key$
AH00016: Configuration Failed
[Mon May 25 17:19:12.374354 2020] [ssl:error] [pid 4962:tid 140701433358208] AH02579: Init: Private key not found
I have done
sudo chmod 700 /etc/letsencrypt/live/server.x.com/
sudo chmod 400 /etc/letsencrypt/live/server.x.com/fullchain.pem
But still apache can not find key
Update
Hey i think this is something that can help answering
I do have 2 pem files
And when i go to previous private key and do
ubuntu@ip-172:/etc/letsencrypt/live/app.x.com$ openssl rsa -in privkey.pem -noout -check
RSA key ok
and if i use this then server is running fine
But when i add my other subdomain and created certificate for it then
ubuntu@ip-172:/etc/letsencrypt/live/server.x.com$ openssl rsa -in privkey.pem -noout -check
Error opening Private Key privkey.pem
140659156387480:error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('privkey.pem','r')
140659156387480:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load Private Key
And when i load this in.conf file then apache2 give error
ubuntu@ip-172:/etc/letsencrypt/live/server.x.com$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
After running this command
Generating a 4096 bit RSA private key
...........................................................................................................................................................................................................................................................................++
..........++
unable to write 'random state'
writing new private key to 'key.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:X
Locality Name (eg, city) []:Phillaur
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:server
Common Name (e.g. server FQDN or YOUR name) []:rajanlagah
Email Address []:rajanlagah@gmail.com
And
ls
cert.pem key.pem
And
ubuntu@ip-172:/etc/letsencrypt/live/server.x.com$ openssl rsa -in cert.pem
unable to load Private Key
140670293214872:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
1 answers
solution1
1 ACCPTED 2020-05-26 00:43:41
Check if SSLCertificateKeyFile is pointing to a file containing a private key.ie
# openssl rsa -in /opt/localhost.key -noout -check
RSA key ok
create a self sign certificate using openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.