Certificate from ssls is shutting down apache2

[Copernicus365]

Hi
I have installed LAMP on my Debian 10 and now im trying to get https working for my domain sthlmcity.eu. I followed this guide step by step to fix https: https://www.linkedin.com/pulse/ssl-conf ... a-ranawaka
I bought a certificate from ssls.com because I needed a certificate. I got a .txt file which begins with: "-----BEGIN PRIVATE KEY-----" and ends with "-----END PRIVATE KEY-----". Inside, there is info that looks like a hard to guess password which is many lines long. I assumed that this info from this certifitcate txt file, from ssls, is what I should paste into these files:

Code: Select all

SSLCertificateFile  /etc/apache2/ssl/certificate.crt

and

Code: Select all

SSLCertificateKeyFile /etc/apache2/ssl/private.key

. This was wrong, because now apache2 crashes on start and the error is about the certificate like this:

Code: Select all

[Sun Nov 22 14:12:22.484738 2020] [ssl:emerg] [pid 19080] AH02562: Failed to configure certificate HeligeErikPC.eu:443:0 (with chain), check /etc/apache2/ssl/certificate.crt
[Sun Nov 22 14:12:22.484807 2020] [ssl:emerg] [pid 19080] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even j$
[Sun Nov 22 14:12:22.484821 2020] [ssl:emerg] [pid 19080] SSL Library Error: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
AH00016: Configuration Failed

.

How do I fix the certificate file/files so that apache2 works with https?

Edit: I found a linux command line on the ssls webpage (on my account). I pasted it into terminal and it looked like this (it changed something):

Code: Select all

openssl req -new -newkey rsa:2048 -nodes -keyout sthlmcity_eu.pem -out sthlmcity_eu.csr -subj /CN=sthlmcity.eu; cat sthlmcity_eu.csr

The result was (without my certificate info, instead I typed *Here was the certificate info*, because I think it is private):

Code: Select all

Generating a RSA private key
.......+++++
....................................................................+++++
writing new private key to 'sthlmcity_eu.pem'
-----
-----BEGIN CERTIFICATE REQUEST-----
*Here was the certificate info*
-----END CERTIFICATE REQUEST-----

Without being a pro I think this added the certificate to a file ending with .pem.
Apache2 cant start still, after I followed the guide from Sachila Ranawaka (https://www.linkedin.com/pulse/ssl-conf ... a-ranawaka).
How can I fix https for my sthlmcity.eu domain?
Does it matter that my pc name is different than the domain name?

Edit 3: I found that the linux command made two files which look like certificate files (sthlmcity_eu.csr & sthlmcity_eu.pem). The first one looks exactly like my first paste-try (the same info). The .pem file on the other hand, it looks different. So I tried with the pem info instead, as in the beginning. Apache2 still crashed but this time with this error:

Code: Select all

[Sun Nov 22 14:29:22.407183 2020] [ssl:emerg] [pid 20014] AH02562: Failed to configure certificate HeligeErikPC.eu:443:0 (with chain), check /etc/apache2/ssl/certificate.crt
[Sun Nov 22 14:29:22.407229 2020] [ssl:emerg] [pid 20014] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even j$
[Sun Nov 22 14:29:22.407244 2020] [ssl:emerg] [pid 20014] SSL Library Error: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
[Sun Nov 22 14:36:06.092906 2020] [ssl:emerg] [pid 20237] AH02562: Failed to configure certificate HeligeErikPC.eu:443:0 (with chain), check /etc/apache2/ssl/certificate.crt
[Sun Nov 22 14:36:06.092969 2020] [ssl:emerg] [pid 20237] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even j$
[Sun Nov 22 14:36:06.092983 2020] [ssl:emerg] [pid 20237] SSL Library Error: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
[Sun Nov 22 14:44:14.716346 2020] [core:warn] [pid 20384] AH00098: pid file /var/run/apache2/apache2.pid overwritten -- Unclean shutdown of previous Apache run?
[Sun Nov 22 14:44:14.720522 2020] [mpm_prefork:notice] [pid 20384] AH00163: Apache/2.4.38 (Debian) configured -- resuming normal operations
[Sun Nov 22 14:44:14.720563 2020] [core:notice] [pid 20384] AH00094: Command line: '/usr/sbin/apache2'
[Sun Nov 22 14:53:07.880572 2020] [mpm_prefork:notice] [pid 20384] AH00169: caught SIGTERM, shutting down
[Sun Nov 22 14:53:07.964390 2020] [ssl:emerg] [pid 20595] AH02562: Failed to configure certificate HeligeErikPC.eu:443:0 (with chain), check /etc/apache2/ssl/certificate.crt
[Sun Nov 22 14:53:07.964440 2020] [ssl:emerg] [pid 20595] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even j$
[Sun Nov 22 14:53:07.964455 2020] [ssl:emerg] [pid 20595] SSL Library Error: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
AH00016: Configuration Failed

How do I fix https for my domain with apache2?

[reinob]

Since you opted to pay for a certificate, you should ask them to provide you with support.
I think you have made a mess mixing certificate signing requests (which you can generate yourself using openssl but need to be signed by your provider) and private/public keys.

Delete the whole mess and ask them. Don't follow some random tutorial.
Again, you've decided to pay for a certificate ($DEITY knows why), so let them give you the service you've paid for.

Or dump the whole mess and use Let's Encrypt, which, if you can read a manual, is the best option, and will even take care of renewals for you.