Install certificate

Guido_van_Harten · November 1, 2017, 9:23pm

I bought an SSL-certificate for my subdomain. My provider sent me four files:
AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
my_domain_com.cer
At https://www.linode.com/docs/security/ssl/ssl-apache2-debian-ubuntu I saw an example of an installation in /etc/apache2/sites-available/example.com.conf. In that example I can only set two files. How do I install these certificates?

I tried to add to the .conf-file:
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/my.domain.com.crt
SSLCertificateKeyFile /etc/ssl/private/my.domain.com.key
# SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt #If using a self-signed certificate, omit this line

ServerAdmin my@my.domain.com
ServerName my.domain.com
#    ServerAlias www.example2.com #If using alternate names for a host
DocumentRoot /var/www/html/
ErrorLog /var/www/html/log/error.log
CustomLog /var/www/html/log/access.log combined
</VirtualHost>

When I enter the commands a2enmod ssl and a2ensite my.domain.com I got a large error text with some words in red…
Regards,
Guido

tflidd · November 1, 2017, 11:18pm

And we should guess which words are red?

Comodo? They sold this business to a company offering surveillance products:

With the files, you normally have your private key, and the certificate file. The rest is usually in a single certificate chain file: https://ssl.comodo.com/support/ssl-certificate-installation-in-apache.php

You can open your files in a text editor. The private key file starts like this

-----BEGIN PRIVATE KEY-----

Normally you should create the certificates yourself, and then they only sign your public key and send your the certificate. The private key should never leave your server. If they create the private key for you, they could have kept a copy (could be interesting for their surveillance products).

Guido_van_Harten · November 2, 2017, 9:35am

Oh no, I don’t want you guess the red words. I forgot to add the picture.
I created a new picture this morning and attach it in this message.
apache-error

I also create a bundle.crt of the three .crt files my hostingprovider sent me and edited the above mentioned example.com.conf

Regards,
Guido

tflidd · November 2, 2017, 10:03am

There is a syntax error in line 18 of /etc/…
I hope you can reproduce the error message and see in which file this problem appears. Check the line and what might be wrong

Guido_van_Harten · November 3, 2017, 12:21pm

I was trying to install the certificate again in other ways.
When I enter the command:

apachectl configtest

my VPS replies: Syntax OK

but when I enter

apachectl start

my VPS replies:
Action ‘start’ failed.
The Apache error log may have more information.

In that error I read no usefull information, only that more information can be found in the error.log in my html directory.
In that file I see a recent added line:

Fri Nov 03 13:12:23.153055 2017] [ssl:emerg] [pid 30972] AH02564: Failed to configure encrypted (?) private key my.domain.com:443:0, check /etc/ssl/private/my_domain_com.cer

So, I know I have to generate a key. But how do I do that?

Regards,
Guido

Guido_van_Harten · November 3, 2017, 6:53pm

I deleted the bought SSL-certificate and switched over to Let’s Encrypt. All will work fine at this moment.
Now finetuning my Nextcloud.

Kind regards,
Guido