Trouble renewing my SSL certificate

Posted on

Trouble renewing my SSL certificate – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about apache-2.2, ssl, mod-ssl, , .

So my free SSL certificate from startcom expired, and I went to renew it.
I was given a choice of pasting in the contents of my csr, or generating a new one on their website, so I pasted in my csr. Went through the whole domain verification process, got a certificate and replaced my old certificate file with the new one.

I restarted apache and it [fail]ed.

In the logs I found this:

 [Thu Jun 16 07:08:28 2011] [warn] RSA server certificate CommonName (CN) `mydomain.com' does NOT match server name!?
[error] Unable to configure RSA server private key
[error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

I made sure that the ServerName directive said mydomain.com. But it was still happening, so I assumed that maybe I had the wrong private key or the wrong csr somehow.

Meanwhile, I sent a request to startcom, and they’re not getting back to me. So I tried two other free SSLs, comodo and rapidssl (freessl), followed all the instructions (including generating a new csr), and I’m still having the same issue,

Solution :

CommonName should match your server name. If your server is named www.mydomain.com, then put that as CommonName.

Not sure why the startcom certificate didn’t work, but the other two didn’t work because I had other virtualhosts referring to the old one.

Leave a Reply

Your email address will not be published.