I have received a new SSL certificate from GoDaddy and the old one was from Comodo.
Contents of /etc/ssl/private/pure-ftpd.pem are as follows:
-----BEGIN PRIVATE KEY-----
PRIVATE KEY USED TO CREATE THE CSR
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONTENTS OF CRT FILE RECEIVED BY GODADDY
-----END CERTIFICATE-----
After updating the contents of the file I restarted pure-ftpd then checked the status:
/etc/init.d/pure-ftpd restart
/etc/init.d/pure-ftpd status
[ ok ] pure-ftpd is running.
Everything seems good. Now I try to verify the new cert:
Edit: I added the "bundle" CRT file provided by GoDaddy into /etc/ssl/certs, and now I get this output (but am still unable to restart apache2 because of the errors shown below)
openssl verify -CApath /etc/ssl/certs /etc/ssl/private/pure-ftpd.pem
pure-ftpd.pem: OK
Then I tried to restart apache2 (supposing that this will tell the system to use the new certificate):
apache2ctl graceful
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
Apache error log:
[error] Unable to configure RSA server private key
[error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Seemingly relevant parts of /etc/apache2/sites-available/default-ssl:
SSLCertificateFile /etc/ssl/certs/my.server.net.pem
SSLCertificateKeyFile /etc/ssl/private/my.server.net.key
Does the PEM file declared as SSLCertificateFile need to be updated in some way if I have generated a new private key? (If so, what exactly needs to be in it, and how to accomplish this?)
I also tried using these commands to compare the modulus of each file and they are the same:
openssl x509 -noout -modulus -in /etc/ssl/private/pure-ftpd.pem | openssl md5
openssl rsa -noout -modulus -in /etc/ssl/private/my.server.net.key | openssl md5
Can anyone point me in the right direction?
Another Edit: When I access the FTP server through a client such as FileZilla, I am greeted with the credentials for the new GoDaddy Certificate. So that's great, but this issue is driving me bonkers!
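
A check of the exact pair of files Apache loads, as an added example that is not part of the original post: it reads the paths from the vhost's SSLCertificateFile and SSLCertificateKeyFile directives and compares the public key in the certificate with the one derived from the private key, which goes beyond the modulus comparison above by also covering non-RSA keys. The function names are hypothetical; unquoted paths and an unencrypted private key are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Public key (PEM) of the first certificate found in file $1.
cert_pubkey() { openssl x509 -noout -pubkey -in "$1" 2>/dev/null; }

# Public key (PEM) derived from the private key found in file $1.
key_pubkey() { openssl pkey -pubout -in "$1" 2>/dev/null; }

# Returns 0 if certificate $1 and private key $2 belong together,
# 1 if they do not, 2 if either file cannot be read or parsed.
cert_key_match() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ -n "$k" ] || return 2
    [ "$c" = "$k" ]
}

# First value of Apache directive $2 in config file $1 (comment lines ignored,
# because "#Directive" does not equal the directive name).
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

# Check the certificate/key pair a vhost file points at.
# Same return codes as cert_key_match.
check_vhost() {
    cert=$(directive "$1" SSLCertificateFile)
    key=$(directive "$1" SSLCertificateKeyFile)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "SSLCertificateFile/SSLCertificateKeyFile not found in $1" >&2
        return 2
    fi
    rc=0
    cert_key_match "$cert" "$key" || rc=$?
    case $rc in
        0) echo "MATCH: $cert <-> $key" ;;
        1) echo "MISMATCH: $cert was not issued for $key" ;;
        *) echo "UNREADABLE: $cert or $key" ;;
    esac
    return "$rc"
}

# Usage: sh check.sh /etc/apache2/sites-available/default-ssl
if [ "$#" -ge 1 ]; then
    check_vhost "$1"
fi
```

A MISMATCH result corresponds to the `X509_check_private_key:key values mismatch` error in the Apache log.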