New cert/key from letsencrypt not accepted by Apache
Posted: 2019/01/10 14:05:41
This is on a current Centos 6.10 machine. We have been using the certs from letsencrypt.org and the auto renewal using certbot and all was fine, the certificate and private key were working perfectly. Now due to some policy change we can't use certbot any longer and have switched to dehydrate. This retrieves a certificate and private key just fine but for some reason Apache is choking on them. Every test that we can find seems to show that the certificate and private key are matching and good. The only thing that I see is that the private key contains about 2x the encoded content as it did before. Any thoughts about why Apache may be rejecting the private key with:
And yes the configuration and permissions are correct for the certificate and private key. I am guessing that there is more content in the private key file and that Apache is just looking for something at the start of it and not finding what it wants.
Thank you for any advise.
Code: Select all
[Thu Jan 10 08:56:31 2019] [error] Init: Private key not found
[Thu Jan 10 08:56:31 2019] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Jan 10 08:56:31 2019] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Thu Jan 10 08:56:31 2019] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Jan 10 08:56:31 2019] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Thu Jan 10 08:56:31 2019] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Thu Jan 10 08:56:31 2019] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Thu Jan 10 08:56:31 2019] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Thank you for any advise.