5

I am have been trying to setup an ssl certificate for a few days now, I am buying it from Namecheap.com and I am buying a rapid ssl wildcard certificate I am doing the following:

  1. Generate a csr - openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr
  2. I then wait to recieve an email to download the .crt file
  3. Get the intermediate certificate and save it intermediatecert.crt
  4. I then cat intermediatecert.crt >> sslcertificate.crt

  5. I then add the following lines to my nginx virtual host file 

    ssl_certificate /etc/ssl/sslcertificate.crt;

ssl_certificate_key /etc/ssl/server.key;

  6. I then restart my server and get the following error

    [emerg]: SSL_CTX_use_PrivateKey_file("/etc/ssl/server.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

Does anyone have any ideas ?

FIXED

I fixed this by not reissuing it via namecheap and went straight to rapidssl to reissue and upload my csr.

cjc
  • 24,916
  • 3
  • 51
  • 70
Oliver Bayes-Shelton
  • 366
  • 1
  • 3
  • 11
  • 1
    You notice that you configured the key file as `/etc/ssl/server.key`, but your error message says `/etc/nginx/ssl/server.key`? I'd check the config again to make sure there are no stray SSL options that you may have left from earlier, and that you're hitting the right vhost. – cjc Jul 16 '12 at 12:47
  • sorry it was a copy and paste error when I was writing the question. – Oliver Bayes-Shelton Jul 16 '12 at 12:48
  • can you verify that your key actually matches the cert? https://kb.wisc.edu/middleware/page.php?id=4064 (basically, compare the modulus of the key and cert) – cjc Jul 16 '12 at 13:03
  • 4
    I ran into the same issue with namecheap. It worked perfectly after re-issued through rapidssl. Thanks! – Sanketh Katta Jan 18 '13 at 20:15
  • I also had to reissue through geotrust for it to work - after reissuing 3 times through namecheap thinking it was my fault. –  Mar 06 '13 at 20:46
  • Same here, had to reissue through RapidSSL to get it to work. – imsky Jan 24 '14 at 00:39

1 Answers1

3

As noted in the question, Namecheap must have an issue with the "Reissue" feature available in the dashboard. To reissue the cert directly from RapidSSL, visit this page and enter your info: https://products.geotrust.com/orders/orderinformation/authentication.do

I had the same issue after I accidentally deleted my key file and csr for the original request, and this cleared it right up!

Max
  • 131
  • 3
  • I'm having this same problem, but going to the GeoTrust tool gives the error, "Cannot validate the information you submitted." even after verifying the data is correct. Their knowledge center page isn't much help and has an outdated screenshot. Any tips? – DanH Apr 08 '14 at 21:02