
I was testing my httpd config on a CentOS-like OS and found a "weird" error, AH02574: Init: Can't open server private key file, in one of the VirtualHosts, while another one doesn't produce any error.

In my config file, the same SSL cert is referred to by both (two) virtual hosts, and of course the private key file is also shared. httpd fails to start with this config. When I dug into the log, I found that one virtual host (example.com) config does not produce any error, while the other vhost (sub.example.com, at later lines in the ssl.conf) can't read the key file. I suspect this is because the file was already opened by the programme and hence stays on hold, preventing it from being opened again. If this is the case, how should I solve it? A simple solution that came to my mind was to duplicate the key file, but I am unsure about any security risk.

To give a better idea, below is a sample config:

    <VirtualHost *:443>
      ServerName example.com
      # ... some other config
      SSLCertificateFile    "/path/to/ssl.crt"
      SSLCertificateKeyFile "/path/to/ssl.key"
    </VirtualHost>
    <VirtualHost *:443>
      ServerName sub.example.com
      # ... some other config
      SSLCertificateFile    "/path/to/ssl.crt"
      SSLCertificateKeyFile "/path/to/ssl.key"
    </VirtualHost>

2 Answers


  1. Chosen as BEST ANSWER

    Although it addresses a different problem, this answer also resolves my problem! Here is the solution provided by that answer:

    restorecon -RvF /path/to/key_file
    

  2. As per the answer given by Jimmy, you can include sudo at the beginning of the command as below. I also spent some 2 hours battling the same error, but this helped me.

    sudo restorecon -RvF /etc/ssl/keyfile
    

    After running the command, it should show as per the image attached. Then you can restart the Apache service.
    [1]: https://i.stack.imgur.com/uipI4.png
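
Added example, not part of either answer: `restorecon` resets a file's SELinux label to the policy default, so when it fixes AH02574 the underlying denial can be confirmed in the audit log before and after relabelling. The filter below lists files that the `httpd_t` domain was denied access to; the log lines are constructed samples, and the `user_home_t` label and function names are assumptions for illustration.

```shell
#!/bin/sh
# Constructed audit.log sample: one httpd denial on the key file,
# one unrelated sshd denial, and one non-AVC record.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.123:451): avc:  denied  { read } for  pid=2210 comm="httpd" name="ssl.key" dev="dm-0" ino=262201 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.456:452): avc:  denied  { read } for  pid=2300 comm="sshd" name="notes.txt" dev="dm-0" ino=262300 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.123:451): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
EOF
}

# Read audit records on stdin; for every file access denied to the httpd_t
# domain, print: <file name> <SELinux type currently on the file> <permissions>.
httpd_file_denials() {
    awk '
    /type=AVC/ && /denied/ && /scontext=[^ ]*:httpd_t:/ && /tclass=file/ {
        name = ""; ttype = ""; perms = ""
        # Permission list sits between "{ " and " }".
        if (match($0, /[{] [^}]* [}]/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/) {
                name = $i; sub(/^name=/, "", name); gsub(/"/, "", name)
            }
            # tcontext=user:role:type:level -> third field is the type.
            if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
        }
        print name, ttype, perms
    }'
}

# Demo on the constructed sample.
sample_audit_log | httpd_file_denials

# On a real host (as root), the same filter can be fed from the audit log:
#   ausearch -m AVC -c httpd -ts recent | httpd_file_denials
# Compare the current label with what restorecon would set (dry run, no change):
#   ls -Z /path/to/ssl.key
#   restorecon -n -v -F /path/to/ssl.key
```

If the key file shows up here with a type that httpd is not allowed to read, relabelling it in place addresses the error without duplicating the private key.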