“Unable to configure RSA server private key” and “certificate routines:X509_check_private_key:key values mismatch” Errors
If you see one of these errors, it usually means that the private key loaded in the VirtualHost section of your .conf file doesn’t match the SSL Certificate loaded in the same section.
To check whether the two files match, run the following OpenSSL commands, the first on the certificate and the second on the private key, and compare the two hashes:
openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5
openssl rsa -noout -modulus -in your_domain_com.key | openssl md5
If the modulus of the two files doesn’t match exactly, do one of the following:
- Find the .key file matching your .crt file and update the VirtualHost in your .conf file to match.
- Reissue your certificate by either generating two new files with the OpenSSL CSR Wizard or by creating a new CSR from your existing private key file using the following command.
Note that the existing private key must be at least 2048 bits. If the key is less than 2048 bits you will have to recreate the key.
openssl req -new -key your_domain_com.key -out your_domain_com.csr
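The two checks above (the modulus comparison and the 2048-bit minimum) combined into one script, as an added example that is not part of the original article. The function names, the file names site.key, other.key and site.crt, and the example.test subject are assumptions; the keys and certificate are throwaway samples generated on the spot.

```shell
# Print the RSA modulus of a certificate or key; $1 is "x509" or "rsa".
modulus() {
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

# Return 0 when the certificate ($1) and private key ($2) share a modulus.
cert_key_match() {
    cert_mod=$(modulus x509 "$1")
    key_mod=$(modulus rsa "$2")
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Print the key size in bits, parsed from "Private-Key: (2048 bit ...)".
key_bits() {
    openssl rsa -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Return 0 when the key can be reused for a new CSR (at least 2048 bits).
key_reusable() {
    bits=$(key_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge 2048 ]
}

# Constructed sample material: two throwaway keys and a self-signed
# certificate for the first one, written to a temporary directory.
make_samples() {
    dir=$(mktemp -d)
    openssl genrsa -out "$dir/site.key" 2048 2>/dev/null
    openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$dir/site.key" -subj "/CN=example.test" \
        -days 1 -out "$dir/site.crt" 2>/dev/null
    echo "$dir"
}

# Report both checks for a certificate ($1) and key ($2) pair.
report() {
    if cert_key_match "$1" "$2"; then echo "match: $2"; else echo "MISMATCH: $2"; fi
    if key_reusable "$2"; then echo "key size ok"; else echo "key too small, recreate it"; fi
}

samples=$(make_samples)
report "$samples/site.crt" "$samples/site.key"
report "$samples/site.crt" "$samples/other.key"
```

To check real files, call report with the certificate and key paths from your VirtualHost section instead of the generated samples.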