1

I am getting this error on service apache2 restart 

Error: SSLCertificateFile: file '/etc/apache2/ssl/www_example_com.crt' does not exist or is empty

I am trying to configure comodo ssl certificate on ubuntu ec2 instance with LAMP and I have performed all official steps by following below links.

https://help.ubuntu.com/community/ApacheMySQLPHP

https://help.ubuntu.com/14.04/serverguide/httpd.html#https-configuration

Please help.

ankit7540
  • 4,195
Tanveer
  • 11

2 Answers2

0

I was getting this error because of following

SSLCertificateFile /etc/apache2/ssl/www.example.com.pem;
SSLCertificateKeyFile /etc/apache2/ssl/www.pdchealthcare.com.pem;

after replacing with

SSLCertificateFile /etc/apache2/ssl/www.example.com.pem
SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.pem

the error was gone(Notice the ; removed) and I was able to restart the Apache server.

Mukesh
  • 113
0

You should check the following:

  1. The certificate is actually present at the location.
  2. The certificate is not empty.

Having done that, you can then try to check your sites's virtual host file.

In the /etc/apache2 folder there is sites-enabled folder which has the virtual hosts file as symlinks with sites-available folder.

Not you can check the virtual host file either in sites-available or sites-enabled folder.

The correct form should be :

<VirtualHost IP ADDRESS :443 >
DocumentRoot <path/to/sites/folder>
ServerName <domain name>
SSLEngine on
SSLCertificateFile /etc/ssl/crt/primary.crt                 #edit path as needed
SSLCertificateKeyFile /etc/ssl/crt/private.key              #edit path as needed
SSLCertificateChainFile /etc/ssl/crt/intermediate.crt       #edit path as needed
#Include /etc/options-ssl-apache.conf #optional for some configs

</VirtualHost>

Of course : Change the names of the files and paths to match your certificate files:

SSLCertificateFile should be your primary certificate file for your domain name.
SSLCertificateKeyFile should be the key file generated when you created the Certificate signing reques.
SSLCertificateChainFile should be the intermediate certificate file (if any) that was supplied by your certificate authority.

Save the changes and exit the text editor after making appropriate changes. Restart your Apache web server using one of the following commands:

/usr/local/apache/bin/apachectl startssl
/usr/local/apache/bin/apachectl restart
ankit7540
  • 4,195