Troubleshoot SSL certificates and keys

Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and MacOS) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). On OS X VMs, the installation directory is /opt/bitnami and OS X VM users can click the “Open Terminal” button to run commands. Learn more about the Bitnami stack environment and about OS X VMs.

If you get an error like this in the Apache error log file, it is because an incorrect certificate or key is in use.

[Mon May 12 15:37:46.891294 201X] [ssl:emerg] [pid 15450] AH02565: Certificate and private key from installdir/apps/your_app/conf/certs/server.crt and installdir/apps/your_app/conf/certs/server.key do not match
  • Verify that the current key matches the certificate file with the following commands. Note that the SHA checksum of the key and certificate must match.

    • Check your certificate:

      $ openssl x509 -in server.crt -pubkey -noout -outform pem | sha256sum
    • Check your key:

      $ openssl pkey -in server.key -pubout -outform pem | sha256sum

The output of the two commands above should match. In case of a mismatch, the wrong key is in use for the certificate and so Apache will not start until the issue is resolved.

Last modification July 26, 2019