0
votes

My websites are all down, including those upon which my livelihood depends. tail /var/log/apache/error.log gives me this:


[Tue Mar 01 06:07:59 2016] [warn] RSA server certificate CommonName (CN) `www.tonybaldwin.info' does NOT match server name!?
[Tue Mar 01 06:07:59 2016] [warn] RSA server certificate CommonName (CN) `mail.myownsite.me' does NOT match server name!?
[Tue Mar 01 06:07:59 2016] [warn] RSA server certificate CommonName (CN) `mail.myownsite.me' does NOT match server name!?
[Tue Mar 01 06:07:59 2016] [warn] RSA server certificate CommonName (CN) `mail.myownsite.me' does NOT match server name!?
[Tue Mar 01 06:07:59 2016] [warn] RSA server certificate CommonName (CN) `mail.myownsite.me' does NOT match server name!?
[Tue Mar 01 06:07:59 2016] [warn] RSA server certificate CommonName (CN) `mail.myownsite.me' does NOT match server name!?
[Tue Mar 01 06:07:59 2016] [warn] RSA server certificate CommonName (CN) `mail.myownsite.me' does NOT match server name!?
[Tue Mar 01 06:07:59 2016] [warn] RSA server certificate CommonName (CN) `red.liberame.org' does NOT match server name!?
[Tue Mar 01 06:07:59 2016] [error] Unable to configure RSA server private key
[Tue Mar 01 06:07:59 2016] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch


Is there any way to force Apache to restart despite these SSL errors, or must I recreate all of these certificates? Or how else can I resolve this problem? One thing that really stumps me is that mail.myownsite.me is not in any Apache configs or vhosts, AFAIK; it should only be of concern to Dovecot and/or Postfix, so I don't understand why it appears in the Apache error.log. This is on a VPS running Debian Jessie.

1
What changes were done before these errors started showing up? - Anand Bhat
I had only renewed a cert from startssl.com - tonybaldwin
Perhaps I should also mention that there is also no vhost anywhere for red.liberame.org, nor has there been for over a year... so it's giving me a hard time over non-existent sites or sites that Apache does not or no longer serves on this particular machine. Also, the server is running Debian 8/Jessie. - tonybaldwin
None of the domains mentioned in the Apache error.log, with the exception of tonybaldwin.info, even have vhosts currently, so that's really got me stumped for what I'm supposed to do about the errors, especially. - tonybaldwin
The hostname on the server is myownsite.me - tonybaldwin

1 Answer

1
votes

The above error clearly states that the virtual hosts created and the certificates bound to them do not match. It's important to understand that the certificate is bound exactly to the URL which the users type in the address bar to access the web page.

So if your domain, say, is www.abc.com and the bound certificate's common name is 172.168.1.1 or www.xyz.com, Apache will not start after you initiate the restart. Hence, make sure the certificate common name matches the server name mentioned in the virtual host for the website to work properly with SSL.
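
The two [error] lines in the log above report X509_check_private_key: key values mismatch, meaning a certificate and a private key that were loaded together do not belong to the same key pair. As an added example (not part of the original question or answer), this script checks every SSLCertificateFile / SSLCertificateKeyFile pair found in a directory of vhost files; the /etc/apache2/sites-enabled path in the usage comment, unquoted paths and unencrypted PEM keys are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes unquoted paths and unencrypted PEM keys.

# Public key (PEM) embedded in a certificate; non-zero status if unreadable.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from a private key; non-zero status if unreadable.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print a verdict for one pair. Returns 0 = match, 1 = mismatch, 2 = unreadable.
check_pair() {
    local c k subject
    c=$(cert_pubkey "$1") || { echo "UNREADABLE cert=$1"; return 2; }
    k=$(key_pubkey "$2") || { echo "UNREADABLE key=$2"; return 2; }
    subject=$(openssl x509 -in "$1" -noout -subject 2>/dev/null)
    if [ "$c" = "$k" ]; then
        echo "OK cert=$1 key=$2 ($subject)"
        return 0
    fi
    echo "MISMATCH cert=$1 key=$2 ($subject)"
    return 1
}

# Pair each SSLCertificateFile with the SSLCertificateKeyFile that follows it
# in the same file, and check every pair. Returns 1 if any pair is not OK.
scan_vhosts() {
    local file cert directive value rest rc=0
    for file in "$1"/*; do
        [ -f "$file" ] || continue
        cert=""
        while read -r directive value rest || [ -n "$directive" ]; do
            case "$directive" in
                SSLCertificateFile) cert=$value ;;
                SSLCertificateKeyFile)
                    [ -n "$cert" ] || continue
                    printf '%s: ' "$file"
                    check_pair "$cert" "$value" || rc=1
                    cert="" ;;
            esac
        done < "$file"
    done
    return "$rc"
}

# Example: sh check_pairs.sh /etc/apache2/sites-enabled   (assumed Debian path)
if [ $# -gt 0 ]; then scan_vhosts "$1"; fi
```

Each output line names the vhost file, the pair and the certificate subject, so a MISMATCH line shows which configuration file loads the certificate and key that do not belong together.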