Simple Fixes For Apache And Web Servers With SSL Errors

As with any type of installation of a new component to a server, there is always the chance that there can be some small problem or issue that creates error messages and that may even prevent the server from starting.

With Apache and web servers this is nothing to worry about and it is often a very easy fix. However, it can be frustrating and different to track down if you are not continually working with SSL certificate products or if you are just getting started in the IT field. It can also be very stressful for do-it-yourself small business owners trying to install SSL products onto a server for the first time.

With all Apache and web servers, it will be important to know the distribution and version you are using. While the general steps and troubleshooting issues will be the same, there are some slight variations, particularly with the older versions of the servers. Ideally, refer to the specific information for the version and distribution to have the most effective way to identify the issue and get it resolved.

One of the most helpful things to do when you are experiencing a problem with the Apache and web servers connected to the Apache server is to start by taking a closer look at the log files. These will be found in different files. These logs may be found in a file that will include the term error log and it may be located in a local subdirectory. It can even be in the program files under the Apache Group.

It is also possible that someone, at some time, created a different log file location. A good place to look is in the VirtualHost section, but it may also be in other locations as well.

RSA Key Errors

In both Apache and web servers of other Linux-based platforms, it will be important to know the specific error log message to determine the issue. One of the most common to see is a message that indicates unable to configure RSA server private key or a message about key values mismatch.

This can often happen if a private key file is not uniquely named and an old key or another key for a different SSL/TLS certificate is selected and installed. The result is that the private key is not matching the cert so there is an error generated in the error log.

It is possible to check the two files to see if they match. There has to be a perfect match between the key and certificate file. If it is not matched, you will need to find the right pair and upload the incorrect file.

When or if the private key cannot be located or if there is a concern of a possible breach with the key, simply generating a new Certificate Signing Request and completing the install. The private key cannot be regenerated or recreated by the server.

Untrusted or Missing Certificates

It is possible for both Apache and web servers such as Debian or CentOS/RedHat to fail to send the complete certificate chain. This can occasionally happen if the SSLCertificateChainFile is not pointing towards the Comodo CA .crt file.

It is also possible that there is another certificate or .conf file that is using the IP address and the port. This can be corrected by making sure the # is not included in the file. It is important to comment out or remove the hashtag and then restart the server.

There are several other errors that can occur more commonly on different browsers and with specific types of configurations. These can often be more challenging to detect, so we provide support for our customers throughout our customer support team. They can provide specific information on the issues that may be resulting in those very unwelcome error messages.

If you are considering adding SSL/TLS products for your website and are running an Apache web server, you can review our Certificate Signing Request and installation guides in the knowledge section. We also provide some great articles and information in the resource area of the website. Everything is fully searchable, just use the server type and a few words describing what you need and you will have full access to the information you require.

To talk to our staff in person, contact us by phone at +1 888 266 6361. For quick questions, you can also contact our staff via the Live Chat system at any page on https://www.instantssl.com.

Related Articles
Content

Close icon

Comodo Advisor CHAT WITH
AN ONLINE ADVISOR

Chat With Instantssl Sales Team

Chat with Support

Click here to visit the online Comodo Support Portal.

Your support question may have already been answered.