Troubleshoot SSL certificates and keys
TIP: To quickly get started with HTTPS and SSL, follow these instructions to auto-configure a Let’s Encrypt SSL certificate.
If you get an error like this in the Apache error log file, it is because an incorrect certificate or key is in use.
[Mon May 12 15:37:46.891294 201X] [ssl:emerg] [pid 15450] AH02565: Certificate and private key example.com:443:0 from /opt/bitnami/apache2/conf/bitnami/server.crt and /opt/bitnami/apache2/conf/bitnami/server.key do not match
-
Verify that the current key matches the certificate file with the following commands. Note that the SHA checksum of the key and certificate must match.
-
Check your certificate:
$ openssl x509 -in server.crt -pubkey -noout -outform pem | sha256sum
-
Check your key:
$ openssl pkey -in server.key -pubout -outform pem | sha256sum
-
The output of the two commands above should match. In case of a mismatch, the wrong key is in use for the certificate and so Apache will not start until the issue is resolved.