Troubleshoot SSL certificates and keys

TIP: To quickly get started with HTTPS and SSL, follow these instructions to auto-configure a Let’s Encrypt SSL certificate.

If you get an error about certificate/key mismatch in the Web server log file, it is because an incorrect certificate or key is in use.

Verify that the current key matches the certificate file with the following commands. Note that the SHA checksum of the key and certificate must match.
- Check your certificate:
```
    $ openssl x509 -in server.crt -pubkey -noout -outform pem | sha256sum
```
- Check your key:
```
    $ openssl pkey -in server.key -pubout -outform pem | sha256sum
```

The output of the two commands above should match. In case of a mismatch, the wrong key is in use for the certificate and so the Web server will not start until the issue is resolved.

Last modification March 24, 2021

Kubeapps

Kubernetes Tutorials

Documentation

Tutorials

Support

Open Source

We're hiring

Resources

Newsroom

Careers

Troubleshoot SSL certificates and keys

Products

Projects

Solutions

Company

Legal

Support