You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2023/01/05 15:50:14 UTC
[Bug 57360] Fail gracefully on certificate/key mismatch
https://bz.apache.org/bugzilla/show_bug.cgi?id=57360
--- Comment #5 from Andrew G. Watters <an...@andrewwatters.com> ---
This is still a bug as of 2022. I was panicking because I manage several
websites, all of which are under one certificate and were down for 45 minutes
while I troubleshooted. It would be really helpful if regular HTTP could start
without HTTPS in the event of a mismatch.
The cryptic startup error messages eventually led me to the ssl_error_log,
which reported:
AH02565: Certificate and private key fe80::3eec:efff:fefb:56d6:443:0 from
/mnt/raid5/etc/ssl/andrewwatters_com.crt and
/mnt/raid5/etc/ssl/andrewwatters_com.key do not match
This apparently happens when the Certificate Signing Request uses the wrong
key. To correct the CSR and use it with your existing key, do this:
openssl req -new -key yourkey.key -out req.csr
You'll have to fill out the required CSR fields, and you'll get a corrected CSR
to use with your SSL provider. Hopefully they can promptly reissue the
certificate or else you have a few days left on your prior certificate.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org