Apache failed to start "mydomain.net:443:0 server certificate does NOT include an ID which matches the server name"

Hello everyone,
i’ve been fighting for a week with apache but no way. I’m not still able to install my company wildcard certificate.
I’ve edited the bitnami.conf file like this

DocumentRoot "C:/Bitnami/rubystack-2.0.0-23/apache2/htdocs" SSLEngine on ServerName *.mycompany.com SSLCertificateFile "C:/Bitnami/rubystack-2.0.0-23/apache2/conf/server.crt" SSLCertificateKeyFile "C:/Bitnami/rubystack-2.0.0-23/apache2/conf/server.key" Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all = 2.3 > Require all granted

Error Documents

ErrorDocument 503 /503.html

Bitnami applications installed with a prefix URL (default)

Include “C:/Bitnami/rubystack-2.0.0-23/apache2/conf/bitnami/bitnami-apps-prefix.conf”

Please i seriously need some help

Hi @lethunder1014,

have you followed our wiki page about how to configure a SSL certificate?

https://wiki.bitnami.com/Components/Apache#How_to_enable_HTTPS_support_with_SSL_certificates

We explain how to create a new one and how to check the certificate and the key.

I hope it helps!

Jota

thanks Jota,
i have a wildcard certificate. It works for multiple website with IIS. It is a pfx file that i’ve converted into crt and key files with openssl but it faills to verify the modulus. very strange!

hi @lethunder1014

Your Apache configuration seems to be correct. If I were you, I would try to generate a dummy certificate and configure Apache with it. It is possible that your certificate is corrupt.

Tomas

hello guys!,
i’ve succeeded! my certificate and key were not matching! so i regenerate the crt from the pfx file and every thing is ok now.
this is the method a followed for anyone who has a wildcard certificate and want to convert it properly
http://www.entrust.net/knowledge-base/technote.cfm?tn=7924

Hi @lethunder1014

Thanks for posting the solution. I’m glad that it worked!

Thank you very much. I ran into the same issue, installed a new cert and it worked.

Hey guys, in the posted link regarding to Bitnami HTTPS Apache configuration given by @jota, the last procedure on how to generate a private key is wrong. It currently says:

Note that if you use this encrypted key in the Apache configuration you will need to enter the password manually on every Apache startup. You can regenerate the key without password protection from this file as follows:

> $ sudo /opt/bitnami/common/bin/openssl rsa -in privkey.pem -out /opt/bitnami/apache2/conf/server.key

But in fact, this lead us to some errors like this:

Error opening Private Key privkey.pem
5947:error:02001002:system library:fopen:No such file or directory:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/crypto/bio/bss_file.c:356:fopen('privkey.pem','r')
5947:error:20074002:BIO routines:FILE_CTRL:system lib:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/crypto/bio/bss_file.c:358:
unable to load Private Key

And this is because the arguments “-in” and “-out” were mistakenly swaped, so in order to work correctly you must use instead:

$ sudo /opt/bitnami/common/bin/openssl rsa -in /opt/bitnami/apache2/conf/server.key -out privkey.pem 

Then, you will get your privkey.pem generated without password and the following message:

writing RSA key

Please, someone update the Wiki.
Best Regards.

Hello,

Thanks for letting us know. We have just updated the wiki.

https://wiki.bitnami.com/Components/Apache#How_to_create_a_SSL_certificate.3f

Tomas

Hi Tomas, the link given by you : Goes to default page.

https://wiki.bitnami.com/Components/Apache#How_to_create_a_SSL_certificate.3f
Goes to a default page… pls provide correct WIKI link…

Hi @rairakesh,

We moved our documentation from the wiki to our new documentation system. The new links to access that information are the following ones:

https://docs.bitnami.com/?page=components&name=apache&section=how-to-create-an-ssl-certificate
https://docs.bitnami.com/?page=components&name=apache&section=how-to-enable-https-support-with-ssl-certificates

Best regards,
Jota


Was my answer helpful? Click on :heart: