Trouble renewing my SSL certificate

Question

So my free SSL certificate from startcom expired, and I went to renew it. I was given a choice of pasting in the contents of my csr, or generating a new one on their website, so I pasted in my csr. Went through the whole domain verification process, got a certificate and replaced my old certificate file with the new one.

I restarted apache and it [fail]ed.

In the logs I found this:

 [Thu Jun 16 07:08:28 2011] [warn] RSA server certificate CommonName (CN) `mydomain.com' does NOT match server name!?
[error] Unable to configure RSA server private key
[error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

I made sure that the ServerName directive said mydomain.com. But it was still happening, so I assumed that maybe I had the wrong private key or the wrong csr somehow.

Meanwhile, I sent a request to startcom, and they're not getting back to me. So I tried two other free SSLs, comodo and rapidssl (freessl), followed all the instructions (including generating a new csr), and I'm still having the same issue,

score 1 · Answer 1 · answered Jun 16 '11 at 07:21

1

CommonName should match your server name. If your server is named www.mydomain.com, then put that as CommonName.

answered Jun 16 '11 at 07:21

Janne Pikkarainen

31,852
4
58
81

My ServerName is mydomain.com – blockhead Jun 16 '11 at 07:31
No, not necessarily the ServerName what Apache is configured to have. What does `hostname` return? – Janne Pikkarainen Jun 16 '11 at 07:34
1

Actually I don't think `hostname` has anything to do with this. – blockhead Jun 16 '11 at 08:24

score 1 · Accepted Answer · answered Jun 16 '11 at 07:44

1

Not sure why the startcom certificate didn't work, but the other two didn't work because I had other virtualhosts referring to the old one.

answered Jun 16 '11 at 07:44

blockhead

861
1
8
13

Trouble renewing my SSL certificate

2 Answers2