-1

I’ve had our site up and operational for approx. 2 months. The website will no longer load if SSL is enabled. I can edit the /etc/apache2/sites-enabled/wordpress and rem out the SSL configuration and the site will load listening on *:80. The certificates are SHA2 compliant.

Here is what my configuration file looks like:

```
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    UseCanonicalName Off
    ServerAdmin butlera at mehlvilleschooldistrict.net
    DocumentRoot /var/www/wordpress
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/prodev.cer
    SSLCertificateKeyFile /etc/ssl/private/prodev.key
    SSLCertificateChainFile /etc/ssl/certs/gd_bundle-g2.crt
    ServerAdmin butlera at mehlvilleschooldistrict.net
    ServerName my.server.address
    ServerAlias http://www.my.server.address
    DocumentRoot /var/www/wordpress
</VirtualHost>

<Directory /var/www/wordpress>
    Options +FollowSymLinks
    AllowOverride All
    order allow,deny
    allow from all
</Directory>
```

Here is my error.log:

```
[Mon Oct 03 17:53:39 2016] [info] Init: Seeding PRNG with 656 bytes of entropy
[Mon Oct 03 17:53:39 2016] [info] Loading certificate & private key of SSL-aware server
[Mon Oct 03 17:53:39 2016] [error] Init: Private key not found
[Mon Oct 03 17:53:39 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 03 17:53:39 2016] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Mon Oct 03 17:53:39 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 03 17:53:39 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Mon Oct 03 17:53:39 2016] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Mon Oct 03 17:53:39 2016] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Oct 03 17:53:39 2016] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
```

Any help would be greatly appreciated.

  • The error log clearly indicates that it's having a problem loading the private key. So you should look there first. – Michael Hampton Oct 03 '16 at 19:58
  • I've looked at the private key and the public key. They haven't changed. I've reloaded the bundle chain. I've also tried changing SSLCertificateChainFile to SSLCACertificateFile. – Tony Butler Oct 03 '16 at 20:05
  • Using `openssl rsa -noout -modulus -in file.key | openssl md5` I get `unable to load Private Key 140462285887144:error:0906D066:PEM_read_bio:bad end line:pem_lib.c:804`. The file has the proper number of dashes, and both the beginning and end say BEGIN or END RSA PRIVATE KEY. Any ideas what else it could be? – Tony Butler Oct 03 '16 at 20:29
  • That suggests that the file is corrupt. Do the contents look OK? Are all of the lines between BEGIN and END (except possibly the last one) the same length? Has the modification time on the file as reported by `ls -l` changed? Can you get a copy of this file from backup from a time when you know Apache started OK? – Paul Haldane Oct 03 '16 at 21:36
  • The mod time is a year ago. I restored the private key from a backup when everything was working with still the same result. – Tony Butler Oct 04 '16 at 12:13
  • I've resolved the issue. The key had a blank line after -----BEGIN RSA PRIVATE KEY----- – Tony Butler Oct 04 '16 at 13:35

1 Answer

0

The problem was the file had blank lines before and after -----BEGIN RSA PRIVATE KEY----- and a blank line before -----END RSA PRIVATE KEY-----.
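
A layout check for a PEM key file, as an added example that is not part of the original posts: it flags blank lines inside the BEGIN/END block (the fault found here) and body lines of uneven length (the check suggested in the comments), without printing any key material. The function name `pem_lint` is hypothetical, the sample file is constructed filler rather than a real key, and the check assumes an unencrypted key with no `Proc-Type`/`DEK-Info` header lines.

```shell
#!/bin/sh
# pem_lint FILE: check the layout of a PEM file without printing key material.
# Exit status 0 = layout looks clean, 1 = problems found.
# Assumes an unencrypted key (no Proc-Type/DEK-Info header lines).
pem_lint() {
    awk '
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    /^-----BEGIN [A-Z0-9 ]+-----$/ {
        if (inside) report("BEGIN inside an open block")
        label = substr($0, 12, length($0) - 16)
        inside = 1; width = 0; short = 0; next
    }
    /^-----END [A-Z0-9 ]+-----$/ {
        if (!inside) report("END without a matching BEGIN")
        else if (substr($0, 10, length($0) - 14) != label)
            report("END label differs from BEGIN label")
        inside = 0; blocks++; next
    }
    !inside { next }                        # text outside a block is not checked
    /^[ \t]*$/ { report("blank line inside PEM block"); next }
    {
        if ($0 !~ /^[A-Za-z0-9+\/=]+$/) report("non-base64 characters")
        if (short) report("line " short " is short but is not the last body line")
        if (!width) width = length($0)
        else if (length($0) > width) report("longer than the first body line")
        short = (length($0) < width) ? NR : 0
    }
    END {
        if (inside) report("missing END line")
        if (!blocks) report("no complete PEM block found")
        exit bad + 0
    }' "$1"
}

# Constructed sample (filler characters, not a real key) with the fault from
# this thread: a blank line right after the BEGIN marker.
sample=$(mktemp)
row=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '' "$row" "$row" 'AAAA' \
    '-----END RSA PRIVATE KEY-----' > "$sample"
pem_lint "$sample" || echo "fix the layout before reloading Apache"
rm -f "$sample"
```

Running it against the file named in `SSLCertificateKeyFile` before restarting Apache reports only line numbers, so the output is safe to paste into a ticket.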