cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
New

unable to install ssl certificate on server

Hi I have purchased the wildcard domain from godaddy

 

I have genearted the CSR using the below command on ubuntu 16 & apache

 

openssl req -newkey rsa:2048 -nodes -keyout buymytime.com.key -out buymytime.com.csr

 

given in this tutorial https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial...

 

In the FQDN name I typed buymytime.com

 

Then using cat buymytime.com.csr I copied the CSR and pasted in godaddy and then downloaded the godaddy zip file and renamed it to buymytime.csr and intermediate.csr and copied the files to /etc/ssl/ and

 

then modified the 000-default.conf in with the directives mentioned in the tutorials

 

One more thing I noticed is When I test on this link https://casecurity.ssllabs.com/analyze.html?d=buymytime.com

 

I get common name mismatch error. my FQDN is bmt.buymytime.com or how can I edit the ubuntu-512mb-blr1-01 MISMATCH error provided in above link to my FQDN

 

While in apache error logs there is the following errors:

 

 

[Sat Sep 24 06:25:01.999237 2016] [ssl:warn] [pid 1877] AH01909: bmt.buymytime.com:443:0 server certificate does NOT include an ID which matches the server name [Sat Sep 24 06:25:01.999393 2016] [mpm_prefork:notice] [pid 1877] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations [Sat Sep 24 06:25:01.999402 2016] [core:notice] [pid 1877] AH00094: Command line: '/usr/sbin/apache2' [Sat Sep 24 06:44:30.898414 2016] [mpm_prefork:notice] [pid 1877] AH00169: caught SIGTERM, shutting down [Sat Sep 24 06:44:31.981157 2016] [ssl:warn] [pid 3422] AH01909: bmt.buymytime.com:443:0 server certificate does NOT include an ID which matches the server name [Sat Sep 24 06:44:31.982112 2016] [ssl:emerg] [pid 3422] AH02565: Certificate and private key buymytime.com:443:0 from /etc/ssl/buymytime.com.crt and /etc/ssl/private/buymytime.com.key do not match AH00016: Configuration Failed

 

 

I dont know what is this regarding but your help can save my day.

6 REPLIES 6
Moderator
Moderator

Re: unable to install ssl certificate on server

Hi @amit,

 

What you're doing may require some non-standard implementations of the SSL, but best to get the advice of 24/7 support. They have the ear of the expert SSL Staff at x.co/247support

 

Thomas D. - GoDaddy | Community Moderator

Helper V
Helper V

Re: unable to install ssl certificate on server

Looking over the log you provided I see a possible issue. the name mismatch error is due to AH02565

 

[Sat Sep 24 06:44:31.982112 2016] [ssl:emerg] [pid 3422] AH02565: Certificate and private key buymytime.com:443:0 from /etc/ssl/buymytime.com.crt and /etc/ssl/private/buymytime.com.key do not match AH00016: Configuration Failed

Apache is unable to read your Cert due to the Private key not matching up with the Public Certificate.

You will need to re-key your cert and or install the correct Private key.

 

 

New

Install SSL certificate on Zimbra mail server

we have Zimbra 8.8.8 in our environment. We have got ssl certificate from godaddy and imported our CSR file. But as per zimbra it needs root certificates also along with other certs, but unable to find. And also what are the exact certificates i need to download to be compatible with zimbra

How to install SSL certificate on IBM HTTP Server

Hi, 

 

Please guide us with steps to install SSL certificate on IBM HTTP Server.

 

Thanks in Advance.

New

Azure require pfx insted of crt. How to generate pfx format certificate?

Azure require pfx insted of crt. 

I downloaded iis and apache format. Both gives only crt files. How to generate pfx format certificate?

Employee
Employee
Solution

Re: Azure require pfx insted of crt. How to generate pfx format certificate?

Hi @Sethu1!

 

Thanks for writing in. When you're creating a .pfx, you'll need a copy of the private key from your server, as well as the .crt file that you downloaded from GoDaddy. You can use OpenSSL commands in command line to create the PFX, I'm including a sample below:

 

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt

This will create a certificate.pfx file from your private key, as well as the .crt you downloaded. You'll just need to make sure that you update the names in the sample code above to match your certificate/private key information.

 

Hope this helps!

Nicole

Tech Writer at GoDaddy