Reputation: 2528
AH02579: Init: Private key not found
I have www-data users; my root and ubuntu can access the key file
nano /etc/letsencrypt/live/server.x.com/fullchain.pem
And when I do
sudo service apache2 restart
my website gave 521 and the Apache logs show
AH02564: Failed to configure encrypted (?) private key$
AH00016: Configuration Failed
[Mon May 25 17:19:12.374354 2020] [ssl:error] [pid 4962:tid 140701433358208] AH02579: Init: Private key not found
I have done
sudo chmod 700 /etc/letsencrypt/live/server.x.com/
sudo chmod 400 /etc/letsencrypt/live/server.x.com/fullchain.pem
But Apache still cannot find the key.
Hey, I think this is something that can help with answering:
I do have 2 pem files
And when I go to the previous private key and do
ubuntu@ip-172:/etc/letsencrypt/live/app.x.com$ openssl rsa -in privkey.pem -noout -check
RSA key ok
and if I use this, then the server runs fine.
But when I added my other subdomain and created a certificate for it, then
ubuntu@ip-172:/etc/letsencrypt/live/server.x.com$ openssl rsa -in privkey.pem -noout -check
Error opening Private Key privkey.pem
140659156387480:error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('privkey.pem','r')
140659156387480:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load Private Key
And when I load this in the .conf file, apache2 gives an error
ubuntu@ip-172:/etc/letsencrypt/live/server.x.com$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
After running this command
Generating a 4096 bit RSA private key
...........................................................................................................................................................................................................................................................................++
..........++
unable to write 'random state'
writing new private key to 'key.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:X
Locality Name (eg, city) []:Phillaur
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:server
Common Name (e.g. server FQDN or YOUR name) []:rajanlagah
Email Address []:[email protected]
And
ls
cert.pem key.pem
And
ubuntu@ip-172:/etc/letsencrypt/live/server.x.com$ openssl rsa -in cert.pem
unable to load Private Key
140670293214872:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY
Upvotes: 0
Views: 1490
Reputation: 1741
Check if SSLCertificateKeyFile is pointing to a file containing a private key, i.e.
# openssl rsa -in /opt/localhost.key -noout -check
RSA key ok
Create a self-signed certificate using
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
Upvotes: 1
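The check suggested in the answer above, as an added example that is not part of the original thread: a small shell function that sorts the file SSLCertificateKeyFile points at into the cases visible in the question's output (not readable by the current user, a certificate instead of a key, a passphrase-protected key, a plain key). The name classify_key_file is hypothetical, and the function reads only the PEM headers, so it does not confirm that the key matches the certificate.

```shell
#!/bin/sh
# Added example, not from the original thread. classify_key_file is a
# hypothetical helper; it inspects PEM headers only and needs no openssl.

classify_key_file() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # The fopen() "Permission denied" case: the file exists, but the
    # account running this check cannot read it.
    [ -r "$f" ] || { echo unreadable; return 0; }

    # Label of the first PEM block, e.g. "RSA PRIVATE KEY" or "CERTIFICATE".
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f" | head -n 1)

    case $label in
        "")
            echo no-pem ;;
        "ENCRYPTED PRIVATE KEY")
            # PKCS#8 key written with a PEM pass phrase.
            echo encrypted-key ;;
        *"PRIVATE KEY")
            # Traditional format marks encryption in a header line instead.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo encrypted-key
            else
                echo plain-key
            fi ;;
        *CERTIFICATE*)
            # The "Expecting: ANY PRIVATE KEY" case: cert.pem or
            # fullchain.pem was given where the key belongs.
            echo certificate ;;
        *)
            echo "other:$label" ;;
    esac
}

# Usage: sh check_key.sh /path/to/privkey.pem
# Run it as the account whose access you want to test.
if [ "$#" -gt 0 ]; then
    classify_key_file "$1"
fi
```

Only a result of plain-key means the file holds an unencrypted private key; confirming that it is well formed is still a job for the openssl rsa -noout -check command shown in the answer.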