Posted to bugs@httpd.apache.org by bu...@apache.org on 2023/01/05 15:50:14 UTC

[Bug 57360] Fail gracefully on certificate/key mismatch

https://bz.apache.org/bugzilla/show_bug.cgi?id=57360

--- Comment #5 from Andrew G. Watters <an...@andrewwatters.com> ---
This is still a bug as of 2022.  I was panicking because I manage several
websites, all of which are under one certificate and were down for 45 minutes
while I troubleshot.  It would be really helpful if regular HTTP could start
without HTTPS in the event of a mismatch.

The cryptic startup error messages eventually led me to the ssl_error_log,
which reported:

AH02565: Certificate and private key fe80::3eec:efff:fefb:56d6:443:0 from
/mnt/raid5/etc/ssl/andrewwatters_com.crt and
/mnt/raid5/etc/ssl/andrewwatters_com.key do not match

This apparently happens when the Certificate Signing Request uses the wrong
key.  To correct the CSR and use it with your existing key, do this:

openssl req -new -key yourkey.key -out req.csr

You'll have to fill out the required CSR fields, and you'll get a corrected CSR
to use with your SSL provider.  Hopefully they can promptly reissue the
certificate or else you have a few days left on your prior certificate.
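
A pre-flight check for the AH02565 mismatch reported above, as an added example that is not part of the original comment or of httpd. The function names (pub_fp, cert_key_match, csr_key_match, make_demo_files) are hypothetical, the demo key material is constructed, and an unencrypted PEM key plus the openssl CLI are assumed.

```shell
#!/bin/sh
# Pre-flight check for the AH02565 condition: does the public key inside a
# certificate (or CSR) equal the one derived from the private key?
# Exit status: 0 = match, 1 = mismatch, 2 = a file could not be parsed.
# Assumes an unencrypted PEM private key and the openssl CLI on PATH.

pub_fp() {  # $1 = x509|req|pkey, $2 = file; prints SHA-256 of the public-key PEM
    case "$1" in
        x509) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2 ;;
        req)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 2 ;;
        pkey) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

cert_key_match() {  # $1 = certificate, $2 = private key
    c=$(pub_fp x509 "$1") || return 2
    k=$(pub_fp pkey "$2") || return 2
    [ "$c" = "$k" ]
}

csr_key_match() {   # $1 = CSR, $2 = private key
    r=$(pub_fp req "$1") || return 2
    k=$(pub_fp pkey "$2") || return 2
    [ "$r" = "$k" ]
}

# Constructed throwaway material (not the files from the report): two keys,
# plus a self-signed certificate and a CSR that both belong to key "a".
make_demo_files() {  # $1 = existing directory
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/a.key" -subj "/CN=example.test" \
        -days 1 -out "$1/a.crt" 2>/dev/null &&
    openssl req -new -key "$1/a.key" -subj "/CN=example.test" \
        -out "$1/a.csr" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo_files "$demo_dir" && {
    cert_key_match "$demo_dir/a.crt" "$demo_dir/a.key" && echo "a.crt + a.key: match"
    cert_key_match "$demo_dir/a.crt" "$demo_dir/b.key" || echo "a.crt + b.key: MISMATCH"
    csr_key_match  "$demo_dir/a.csr" "$demo_dir/a.key" && echo "a.csr + a.key: match"
}
```

Running cert_key_match against the files named in SSLCertificateFile and SSLCertificateKeyFile before a restart catches the mismatch while the old configuration is still serving; csr_key_match does the same for a CSR before it is sent to the certificate provider.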
