virtualMachinelamp

Troubleshoot SSL certificates and keys

TIP: To quickly get started with HTTPS and SSL, follow these instructions to auto-configure a Let’s Encrypt SSL certificate.

If you get an error about certificate/key mismatch in the Web server log file, it is because an incorrect certificate or key is in use.

  • Verify that the current key matches the certificate file with the following commands. Note that the SHA checksum of the key and certificate must match.

    • Check your certificate:

          $ openssl x509 -in server.crt -pubkey -noout -outform pem | sha256sum
      
    • Check your key:

          $ openssl pkey -in server.key -pubout -outform pem | sha256sum
      

The output of the two commands above should match. In case of a mismatch, the wrong key is in use for the certificate and so the Web server will not start until the issue is resolved.

Last modification October 13, 2023