I bought an SSL-certificate for my subdomain. My provider sent me four files:
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
my_domain_com.cer
At https://www.linode.com/docs/security/ssl/ssl-apache2-debian-ubuntu I saw an example of an installation in /etc/apache2/sites-available/example.com.conf. In that example I can only set two files. How do I install these certificates?
I tried to add to the .conf-file:
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/my.domain.com.crt
SSLCertificateKeyFile /etc/ssl/private/my.domain.com.key
# SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt #If using a self-signed certificate, omit this line
ServerAdmin my@my.domain.com
ServerName my.domain.com
# ServerAlias www.example2.com #If using alternate names for a host
DocumentRoot /var/www/html/
ErrorLog /var/www/html/log/error.log
CustomLog /var/www/html/log/access.log combined
</VirtualHost>
When I enter the commands a2enmod ssl and a2ensite my.domain.com I got a large error text with some words in red…
Regards,
Guido
You can open your files in a text editor. The private key file starts like this
-----BEGIN PRIVATE KEY-----
Normally you should create the certificates yourself, and then they only sign your public key and send your the certificate. The private key should never leave your server. If they create the private key for you, they could have kept a copy (could be interesting for their surveillance products).
There is a syntax error in line 18 of /etc/…
I hope you can reproduce the error message and see in which file this problem appears. Check the line and what might be wrong
I was trying to install the certificate again in other ways.
When I enter the command:
apachectl configtest
my VPS replies: Syntax OK
but when I enter
apachectl start
my VPS replies:
Action ‘start’ failed.
The Apache error log may have more information.
In that error I read no usefull information, only that more information can be found in the error.log in my html directory.
In that file I see a recent added line:
Fri Nov 03 13:12:23.153055 2017] [ssl:emerg] [pid 30972] AH02564: Failed to configure encrypted (?) private key my.domain.com:443:0, check /etc/ssl/private/my_domain_com.cer
So, I know I have to generate a key. But how do I do that?