I'm setting up a new web server that hosts a dozen virtual hosts on Ubuntu 12.4 using Apache 2.2.22 with one config file per site. I created all the configuration files all at once and ran a2ensite *
to enable them all at once. When I reloaded the configuration it failed and after restarting apache I found the following error message in my error.log:
Oops, no RSA or DSA server certificate found for 'server.host.name:0'?!
Most of the results for this error message are years old that don't fix the problem or are bugs that have been fixed https://issues.apache.org/bugzilla/show_bug.cgi?id=31709
From: http://www.clearchain.com/blog/posts/solving-the-apache-ssl-error-oops-no-rsa-or-dsa-server-certificate-found-for-www-somedomain-com0
Summary: This error may also occur if you forget the following line in your
VirtualHost
section:The problem ended up being in a different configuration file than the host that was listed in the error. It was due to the fact that there were duplicate ServerName values in two of the files. I fixed the wrong one and it started back up (bye bye that half an hour) :-) .
To troubleshoot this I disabled all the sites and then enabled a couple at a time until I ran into the problem again.
You may also receive this error if you are using a cert with multiple subject alternate names, but the
ServerName
directive does not match the CN or SAN value(s) of the certificate. IT is often the case where a developer wants a development version of the same production site, but there is no real certificate for the development site.Example websites:
webserver.example.com
webserver-dev.example.com
Certificate:
CN = primaryserver.example.com
SANs = webserver.example.com, puppies.example.com, kittens.example.com
The following configuration will cause this error:
/etc/apache2/sites-enabled/webserver.example.com-ssl.conf
<IfModule mod_ssl.c> <VirtualHost *:443> ServerName webserver.example.com ...
/etc/apache2/sites-enabled/webserver-dev.example.com-ssl.conf
<IfModule mod_ssl.c> <VirtualHost *:443> ServerName webserver-dev.example.com ...
The following configuration resolves this issue:
/etc/apache2/sites-enabled/webserver.example.com-ssl.conf
<IfModule mod_ssl.c> <VirtualHost *:443> ServerName webserver.example.com ...
/etc/apache2/sites-enabled/webserver.example.com-ssl.conf
<IfModule mod_ssl.c> <VirtualHost webserver-dev.example.com:443> ServerName webserver.example.com ...
FWIW, I just ran into this issue again, under a different guise.
If you are using wildcard SSL certificates, ensure that the VirtualHost entry for the domain (domain.com) is listed before anything else (foo.domain.com, bar.domain.com, etc).
I tried the one-at-a-time config thing, and everything else ran fine until I added the this one file back in.
Then I twigged on that the config filename was lower alphabetically than the config file with the "primary domain definition". Changed the symlink so that it was placed after the main def and everything worked like a charm.
Example fail listing order:
Working example listing:
HTH someone else :)