ZachC

Reputation: 76

Error Restarting Apache - "SSLCACertificateFile takes one argument"

I am trying to set up SSL for my website. In my Apache website hosts file I am using:

SSLEngine On
SSLCertificateFile /etc/ssl/localcerts/www.website.com.crt
SSLCertificateKeyFile /etc/ssl/localcerts/www.website.com.key
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /etc/ssl/localcerts/ca-client.pem

I am getting this error message when restarting Apache:

 * Restarting web server apache2                                                                                                          [fail]
 * The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 25 of /etc/apache2/sites-enabled/website.com.conf:
SSLCACertificateFile takes one argument, SSL CA Certificate file ('/path/to/file' - PEM encoded)
Action 'configtest' failed.
The Apache error log may have more information.

If I comment out the SSLCACertificateFile lines, the website works perfectly. As expected, the SSL is "Not Trusted" without the CACertificate.

How can I debug this to figure out why I can't include the SSLCACertificateFile? What does the error mean?

Upvotes: 3

Views: 8792

Answers (2)

Alex Khimich

Reputation: 828

This error may also happen on Windows Apache installations if the folder path to the .pem or .crt file contains whitespace.

Instead of:

SSLCertificateFile C:\Users\John Doe\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\example.org-crt.pem

Use quotes:

SSLCertificateFile "C:\Users\John Doe\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\example.org-crt.pem"

Upvotes: 0

Sidupac

Reputation: 671

You say your 'hosts' file had the SSLCACertificateFile line; maybe that is the problem? Move it to your virtual website config file (/etc/apache2/sites-available/yourwebsite.com.conf) or to your default config file if that's what you're using (same directory but default.conf or 000-default.conf).

I'm not exactly sure what your problem is, but for me I had a comment after the SSLCACertificateFile line in my site conf. I am using Debian 8.5.

nano /etc/apache2/sites-available/yourwebsite.com.conf

I had a comment after it, like so:

SSLCACertificateFile    /etc/ssl/certs/ca.pem  #comment

I removed it and it worked again:

SSLCACertificateFile    /etc/ssl/certs/ca.pem

Also be sure you have a TAB after SSLCACertificateFile, instead of a space.

Another thought would be, are you using service apache2 reload or service apache2 restart...? I'd suggest giving restart a try and see (if it's reload that isn't working).

Upvotes: 8
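
Both answers above describe a one-argument directive receiving more than one token: an unquoted path containing a space, and a trailing `#comment` (Apache only treats `#` as a comment at the start of a line). As an added example, not code from either answer or from Apache, this Python sketch approximates that argument splitting and flags such lines before `configtest` does; the helper names `split_args` and `check_config`, the shortened Windows path, and the sample lines are constructed for illustration.

```python
import re

# Directives from this page; each accepts exactly one argument.
ONE_ARG = {"sslcertificatefile", "sslcertificatekeyfile", "sslcacertificatefile"}

# Simplified model of how Apache splits a directive line: an argument is a
# quoted string or a run of non-whitespace characters. Escapes inside quotes
# and backslash line continuations are not modelled.
TOKEN = re.compile(r'"([^"]*)"|\'([^\']*)\'|(\S+)')

def split_args(line):
    """Return the directive name followed by its arguments, as a list."""
    return [a or b or c for a, b, c in TOKEN.findall(line)]

def check_config(text):
    """Return (line_number, directive, args, hint) for wrong argument counts."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # only whole-line comments exist
            continue
        name, *args = split_args(line)
        if name.lower() not in ONE_ARG or len(args) == 1:
            continue
        if any(arg.startswith("#") for arg in args):
            hint = "trailing '#...' is parsed as an argument; move the comment to its own line"
        elif len(args) > 1:
            hint = "path split on whitespace; wrap it in double quotes"
        else:
            hint = "argument missing"
        findings.append((lineno, name, args, hint))
    return findings

# Constructed sample built from the lines quoted in the answers above.
SAMPLE = "\n".join([
    r'SSLCertificateFile C:\Users\John Doe\AppData\Roaming\example.org-crt.pem',
    r'SSLCertificateFile "C:\Users\John Doe\AppData\Roaming\example.org-crt.pem"',
    'SSLCACertificateFile    /etc/ssl/certs/ca.pem  #comment',
    '# a comment on its own line is fine',
    'SSLCACertificateFile    /etc/ssl/certs/ca.pem',
])

if __name__ == "__main__":
    for lineno, name, args, hint in check_config(SAMPLE):
        print(f"line {lineno}: {name} got {len(args)} arguments {args}: {hint}")
```

Only sample lines 1 and 3 are reported; the quoted path and the comment-free line each yield a single argument.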
