Apache will not start after new certificate installed

[details=“Support intro”]

Sorry to hear you’re facing problems

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can

We have attempted to replace an expired certificate on our server and have uploaded the new certs per the documentation however now we cant get Apache to start
Nextcloud version (eg, 20.0.5): 16.0.11
Operating system and version (eg, Ubuntu 20.04): Ubuntu 16.04 Apache or nginx version _(eg, Apache 2.4.25)_: 2.4.18PHP version _(eg, 7.4)_:7.0.33`

The issue you are facing:
webserver will not start. new to Linux and struggling to find logs or verify that the certificate was installed properly and in the right place.

Is this the first time you’ve seen this error? (Y/N): y

Steps to replicate it:

The output of your Nextcloud log in Admin > Logging:

PASTE HERE

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

PASTE HERE

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

PASTE HERE

Output errors in nextcloud.log in /var/www/ or as admin user in top right menu, filtering for errors. Use a pastebin service if necessary.

PASTE HERE

Hard to say. Could be at the wrong location, wrong file name, wrong certificate format, wrong file permissions. But Apache is usually pretty chatty and gives quite detailed error messages. So looking through the log should definitely be helpful. You can also check for errors by issuing systemctl status apache2.

The default location for the apache logs is /var/log/apache2/

I just wanted to mention that Ubuntu 16.04 is already EOL unless you have registered your instance for ESM (Extended Security Maintenance). Also, all Nextcloud versions that are still actively maintained and are geting security fixes do no longer support PHP 7.0.

let me check the apache logs and see whats there. thanks for the location

this is the latest apache error.log
[Thu May 19 12:28:16.245787 2022] [ssl:info] [pid 9367] AH01887: Init: Initializing (virtual) servers for SSL
[Thu May 19 12:28:16.245847 2022] [ssl:info] [pid 9367] AH01914: Configuring server cloud.aa.soartech.com:443 for SSL protocol
[Thu May 19 12:28:16.246068 2022] [ssl:debug] [pid 9367] ssl_engine_init.c(925): AH01904: Configuring server certificate chain (1 CA certificate)
[Thu May 19 12:28:16.246076 2022] [ssl:debug] [pid 9367] ssl_engine_init.c(392): AH01893: Configuring TLS extension handling
[Thu May 19 12:28:16.246228 2022] [ssl:emerg] [pid 9367] AH02565: Certificate and private key cloud.aa.soartech.com:443:0 from /etc/ssl/certs/star_soartech_com.crt a$
AH00016: Configuration Failed

I am working with a wildcard cert from digicert if that makes a difference

AH02565 means “Certificate and private key do not match”.

I don’t have any experience with certificates from DigiCert, I use Let’s Encrypt certificates with automated installers like certbot or acme.sh everywhere. But you have to make sure that you use the correct key pair. That means the private key must match with the public key of the certificate. You can check on that using openssl. Make sure that you specify the correct path and file names:

openssl rsa -in /etc/ssl/certs/star_soartech_com.key -noout -modulus

openssl x509 -in /etc/ssl/certs/star_soartech_com.crt -noout -modulus

The output of both commands has to be an exact match.

https://knowledge.digicert.com/solution/SO29559.html

Hope that helps to put you at least in the right direction.