12

Apache throws the following errors after attempting to set up SSL certificates:

[ssl:emerg] [pid 30907] AH02572: Failed to configure at least one certificate and key for localhost:443
[ssl:emerg] [pid 30907] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[ssl:emerg] [pid 30907] AH02312: Fatal error initialising mod_ssl, exiting.

I am using Mac OS Yosemite, PHP 5.5.20, Apache 2.4.9

and have followed these steps to generate my SSL certificate (from http://www.akadia.com/services/ssh_test_certificate.html):

cd /etc/apache2/
sudo mkdir certs                                        
cd certs                                                
sudo openssl genrsa -des3 -out server.key 1024          
sudo openssl req -new -key server.key -out server.csr

  Country Name (2 letter code) [GB]:US
  State or Province Name (full name) [Berkshire]:California 
  Locality Name (eg, city) [Newbury]:LA
  Organization Name (eg, company) [My Company Ltd]:Company
  Organizational Unit Name (eg, section) []:
  Common Name (eg, your name or your server's hostname) []:dev.test.local
  Email Address []:username@gmail.com
  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:

sudo cp server.key server.key.org     
sudo openssl rsa -in server.key.org -out server.key
sudo openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt  

Next I have the following set up for my apache config files:

etc/apache2/httpd.conf:

LoadModule ssl_module libexec/apache2/mod_ssl.so
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
Include /private/etc/apache2/extra/httpd-ssl.conf

etc/apache2/extra/httpd-ssl.conf:

Listen 443
SSLPassPhraseDialog  builtin
<VirtualHost _default_:443>
SSLEngine on
# Added after seeing mutex issues for apache 2.4, http://stackoverflow.com/questions/13969272/apache-sslmutex-issue
Mutex sysvsem default

etc/apache2/extra/httpd-vhosts.conf:

<VirtualHost *:443>

    ServerName dev.test.local
    DocumentRoot "/Users/username/Sites/test/public"

    <Directory "/Users/username/Sites/test/public">
         Options Indexes FollowSymLinks MultiViews
         AllowOverride All
         Order allow,deny
         allow from all
    </Directory>

    SSLEngine on       
    SSLCertificateFile    /etc/apache2/certs/server.crt
    SSLCertificateKeyFile /etc/apache2/certs/server.key

</VirtualHost>

After restarting and running apache config test it looks as though there are no issues:

sudo apachectl restart
sudo apachectl configtest
[Tue Jan 06 13:56:01.480270 2015] [so:warn] [pid 31636] AH01574: module php5_module is already loaded, skipping
Syntax OK

Help is greatly appreciated and I am happy to supply more information if needed.

luk2302
Lipika
  • Since you verified that the key and certificates matched, the leading candidate for the failure is in the access to the files containing them. For example, when you created the certs subdirectory, what are the permissions for reading that subdirectory? – maurice Jan 07 '15 at 00:13
  • Also, did you give your key a passphrase? apache will need to find that too. – maurice Jan 07 '15 at 00:58
  • Ah, ok so I thought that might be an issue with file permissions, I gave the file full permissions and no luck. drwxrwxrwx 6 root wheel 204 certs – Lipika Jan 07 '15 at 01:29
  • And yes I did add a passphrase, did I miss some other setup with passphrase? Or does this cover that? cp server.key server.key.org openssl rsa -in server.key.org -out server.key – Lipika Jan 07 '15 at 01:31
  • For test purposes, please generate new cert+key without a phrase and try that. If it works, then I hope some kind soul will point you to the correct apache config file setting to use passphrases with your cert+key pair. – maurice Jan 07 '15 at 01:50
  • So, I have now just tried this tutorial and for avoiding the passphrase: http://brianflove.com/2014/12/01/self-signed-ssl-certificate-on-mac-yosemite/. Still no dice. – Lipika Jan 07 '15 at 22:37

6 Answers

5

I ran into the same problem. Now I resolved it.

You included

/private/etc/apache2/extra/httpd-ssl.conf 

in httpd.conf.

So you still need to set the following keys in 'httpd-ssl.conf':

SSLCertificateFile "path to your crt"
SSLCertificateKeyFile "path to your key"

Hope it is helpful.

ekad
Jeremy Zhu
5

I encountered this just today after upgrading to MacOS High Sierra version 10.13.6. My virtual hosts with SSL were working fine before the upgrade. Then today, when I tried to start up my Apache web server, I got this error:

[Fri Jul 20 10:51:06.021778 2018] [ssl:emerg] [pid 2236] AH02572: Failed to configure at least one certificate and key for work.localweb.com:80
[Fri Jul 20 10:51:06.022024 2018] [ssl:emerg] [pid 2236] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jul 20 10:51:06.022037 2018] [ssl:emerg] [pid 2236] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed

I checked my Apache version and it is now 2.4.33. Apparently in this version you will need to put the SSLCertificateFile and SSLCertificateKeyFile entries in the virtual host itself. So, I copied the entries from extra/httpd-ssl.conf and put them in every SSL virtual host that I had configured.

<VirtualHost *:443>
  ServerAdmin me@mymail.com
  ServerName work.localweb.com
  SSLCertificateFile "/private/etc/apache2/server.crt"
  SSLCertificateKeyFile "/private/etc/apache2/server.key"
  ......
</VirtualHost>

Then the start up works again.

GJN
  • 1
    Jep, this fixed it for me too. I also added "SSLEngine on" directly below, and then the SSLCertificateFile, SSLCertificateKeyFile, SSLCertificateChainFile etc. – Dude Aug 29 '18 at 06:40
4

In the hope of helping new visitors.

I had the same error lines in log file.

My mistake was to include

SSLEngine on

outside a VirtualHost block, in a .conf file, along with common values for SSLProtocol, SSLCipherSuite, SSLHonorCipherOrder...

ondelettes
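
The condition the answers above describe (an `SSLEngine on` that applies to a `<VirtualHost>` with no `SSLCertificateFile`/`SSLCertificateKeyFile` in effect) can be checked before a restart. This is an added example, not code from the question or the answers; the function names are hypothetical, the sample config is constructed, and it assumes global-scope directives are inherited by every vhost and that the text passed in is the concatenation of httpd.conf and its included files.

```python
import re
# Constructed sample, modelled on the question's httpd-ssl.conf + httpd-vhosts.conf.
SAMPLE = """
Listen 443
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName dev.test.local
    SSLEngine on
    SSLCertificateFile    /etc/apache2/certs/server.crt
    SSLCertificateKeyFile /etc/apache2/certs/server.key
</VirtualHost>
"""
REQUIRED = ("sslcertificatefile", "sslcertificatekeyfile")

def parse_scopes(text):
    """Return (global_directives, [(vhost_address, line_no, directives), ...])."""
    global_scope, vhosts, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {}
            vhosts.append((opened.group(1).strip(), lineno, current))
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            current = None
        elif not line.startswith("<"):  # skip <Directory>, <IfModule> and similar tags
            parts = line.split(None, 1)
            scope = global_scope if current is None else current
            scope[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return global_scope, vhosts

def find_unconfigured_ssl_vhosts(text):
    """List vhosts where SSLEngine is on but a cert or key directive is missing."""
    global_scope, vhosts = parse_scopes(text)
    findings = []
    for addr, lineno, own in vhosts:
        effective = {**global_scope, **own}  # assumption: global settings are inherited
        missing = [d for d in REQUIRED if not effective.get(d)]
        if effective.get("sslengine", "").lower() == "on" and missing:
            findings.append((addr, lineno, missing))
    return findings

if __name__ == "__main__":
    for addr, lineno, missing in find_unconfigured_ssl_vhosts(SAMPLE):
        print(f"line {lineno}: <VirtualHost {addr}> has SSLEngine on, lacks {', '.join(missing)}")
```

On the constructed sample it reports the `_default_:443` block, and it also flags a port-80 vhost when `SSLEngine on` sits at global scope without certificate directives.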
3

I also had the same problem. In my case I had also just included extra/httpd-ssl.conf as some of the others had mentioned. As said above, make sure you have entries in this file for

SSLCertificateFile "/usr/local/etc/apache24/ssl.crt/mydomaincertificate.crt"

SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key/myprivatekey.key"

Even though the same entries are in extra/httpd-vhosts.conf for my main domain. I also had to make sure that in httpd.conf the "ServerName" entry matched a name in the certificate.

While this is of no use to the OP, it may be of use to someone like me searching on this error after setting up SSL.

Andrew
2

I had these same errors after updating to Apache 2.4.33. It seems that SSLCertificateFile and SSLCertificateKeyFile now have to be inside the <VirtualHost> block, whereas previously they didn't.

Coder
1

I ran into this problem after updating to Apache 2.4.33.

I had two <VirtualHost></VirtualHost> blocks in my httpd-vhosts.conf file. I removed this one:

<VirtualHost *:443>
    ServerName "<your server name>"
    DocumentRoot "<your path>"
</VirtualHost>

restarted apache and it worked.

James Stewart