Have an Apache server? Facing an SSL related problem? Don’t worry, as we bring you the Apache SSL Errors and Troubleshooting Guide that will help you solve every SSL problem within minutes, without any hassle.
2. Facing any SSL related error on
your Apache Server?
We bring you the fixes
When it comes to Apache or any other
server for that matter, it’s pretty common
to come across SSL related errors. As
good as SSL certificates are at what they
do, there are no escaping SSL errors. If
you have an SSL certificate, you will face
errors – it’s as simple as that.
3. This doesn’t mean that you have to sit in front of your PC and
wait for these errors to disappear magically though. You can fix
them by yourself – with a little bit of our help.
Based on the experiences of our customers, we’ve compiled a
list of most commonly faced errors. Just click on the error that
you’re facing, and you’ll have the solution right in the middle of
your screen.
4. List of Apache Errors to Fix
Fix “Error:0D0680A8 : asn1 encoding routines: ASN1_CHECK_TLEN: wrong tag”
Fix “Page not displayed through Apache” Error
Fix “Invalid command ‘SSLEngine'” Error
01
02
03
04
Fix “Unable to configure RSA server private key” Error and Fix “certificate
routines:X509_check_private_key:key values mismatch”
Fix “ssl_error_rx_record_too_long” Error05
5. Fix “Unableto configureRSA server privatekey”Error
and
Fix “certificate routines:X509_check_private_key:key valuesmismatch”
01
6. If you’re seeing the “Unable to configure RSA server private key” error, it’s highly likely that your private key, which is in the VirtualHost
section, doesn’t match with the SSL certificate. That’s why you’ll need to verify if you’re selecting the right key or right cert. You can do
that by running below OpenSSL commands:
openssl x509 -noout -modulus -in your_domain_com.crt | openssl md5
openssl rsa -noout -modulus -in your_domain_com.key | openssl md5
If they don’t match, you must find the private key that matches with your certificate and update VirtualHost to match it. If this doesn’t
work, you’ll need to reissue your SSL certificate as the last resort.
8. Most of the time, this error is seen if there have been some modifications to your certificate file.
Make sure that it starts with —–BEGIN CERTIFICATE—– and ends with —–END CERTIFICATE—–. Also, make sure that you haven’t left any
spaces in it.
10. Commonly, the “Page not displayed through Apache” is seen due to HTTP/1.1.
To circumvent this error, you must disable HTTP/1.1 in Apache+mod_ssl+OpenSSL.
To do so, you must enter the following directive:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
12. Apache needs a module named mod_ssl in order to make SSL connections.
If it isn’t installed, you could face “Invalid command ‘SSLEngine'” error.
Needless to say, there’s only one way to alleviate your pain, and that is enabling the module.
To enable it, you must run a command based on your system.
sudo yum install mod_ssl
a2enmod ssl
Enable on CentOS/RedHat Linux:
Enable on Debian-based distro:
14. Mostly the “ssl_error_rx_record_too_long” is encountered in the Firefox browser due to improper SSL traffic setup. Here are the fixes that
should eliminate this error:
• As we know, port 443 is used for HTTPS traffic. If the server isn’t configured to listen to the SSL traffic, you must make it listen. To do so,
you must add the line below before the <VirtualHost> block gets loaded.
Listen 443
Listen 192.168.0.1:443
• If you’re on a Windows system, check if the host file on Windows server is set up appropriately. You might want to do it by changing
VirtualHost your.domain.com:443 to VirtualHost _default_:443.
• Many times, the cause behind “ssl_error_rx_record_too_long” error is unsuccessful loading of httpd.conf even if the file
/conf/extra/httpd-ssl.conf was configured properly. You’ll need to uncomment the line below to fix it and then restart Apache.
On IPv6, you’ll also need to include the IP Address.
15. #Include conf/extra/httpd-ssl.conf
• Another possible reason behind this might be having a misconfigured proxy.
• To detect if you have it, you should try opening your site from other networks.
• If you don’t see the error anymore, the proxy was probably the reason behind it.
16. We hope this fixes
helped you
eliminate SSL error
in Apache and
helped you
establish a smooth
HTTPS connection.
17. Tips to Install SSL Certificate on Apache
Move an SSL from one Apache Server to
another one
Google Chrome SSL Certificate Error and
Troubleshoot Guide
SSL tools for the SSL Reconfiguration process
01
02
03
04