The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL install aborted due to error: Modulus mismatch, key file does not match certificate.

Discussion in 'General Discussion' started by mauinet, May 26, 2013.

  1. mauinet

    mauinet Active Member

    Joined:
    Mar 2, 2004
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Maui
    Hello, trying to renew an SSL cert from Comodo on WHM 11.36.1. Generated CSR and received CRT file from Comodo. When I paste in the first box under "Install A SSL Cert", it prefills the second two boxes and brings up the correct domain. When I submit, get the error, "SSL install aborted due to error: Modulus mismatch, key file does not match certificate."

    I have checked other older key files for this domain on the server and find they are apparently duplicates.

    I tried to manually install the new CSR and bundle but Apache won't restart. The error log shows:

    [
    Code:
    Sat May 25 18:25:00 2013] [notice] SSL FIPS mode disabled
    [Sat May 25 18:25:00 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sat May 25 18:25:00 2013] [error] Unable to configure RSA server private key
    [Sat May 25 18:25:00 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_priva
    te_key:key values mismatch
    [Sat May 25 18:25:26 2013] [notice] SSL FIPS mode disabled
    I am out of ideas how to fix this. All the other renewals installed without error.

    RS
     
  2. mauinet

    mauinet Active Member

    Joined:
    Mar 2, 2004
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Maui
    Our install is now complete. We received these commands from Comodo to determine the modulus of the crt and key files which must match:
    openssl rsa -noout -modulus -in mydomain.com.key | openssl md5
    openssl x509 -noout -modulus -in mydomain.com.crt | openssl md5

    If they do not match, search the server for another key file to test, "locate mydomain.com.key"
    In our case, the key file was on another server that had previously hosted the domain.
     
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    11.38 has realtime validation of key to cert matches on the client side (in javascript) in order to make this easier.
     
Loading...

Share This Page