Problems with SSL on Apache2

Question

I have a SSL certificate (a .crt-file) which I got from my host. It contains two sections, both starting with -----BEGIN CERTIFICATE-----. I have split this file into cert.crt and intcert.crt (simply assuming that the second part is the intermediate certificate).

In the SSL-config for Apache2 i have:

SSL Engine Switch:

    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile  /etc/apache2/ssl/cert.crt
    SSLCertificateKeyFile /etc/apache2/ssl/certificate.key

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    #SSLCertificateChainFile /etc/apache2/ssl/intcert.crt

    #   Certificate Authority (CA):
    #   Set the CA certificate verification path where to find CA
    #   certificates for client authentication or alternatively one
    #   huge file containing all of them (file must be PEM encoded)
    #   Note: Inside SSLCACertificatePath you need hash symlinks
    #        to point to the certificate files. Use the provided
    #        Makefile to update the hash symlinks after changes.
    #SSLCACertificatePath /etc/ssl/certs/
    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

However, when trying to restart Apache2, I get the following error in the error.log:

AH02562: Failed to configure certificate 213.188.152.189:443:0 (with chain), check /etc/apache2/ssl/cert.crt [Mon Jan 11 13:50:51.759656 2021] [ssl:emerg] [pid 1400] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile? [Mon Jan 11 13:50:51.759670 2021] [ssl:emerg] [pid 1400] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib

I have no idea what is causing this? Is there a mistake of some kind in my config-file, or is there something else. I had it working with exactly this setup, before I renewed the certificate just now.

I would really appreciate help in this matter!

Answer 1

I found out the solution myself. I needed to change the formatting om the certs and the key from UTF-8 to ANSI - then everything worked just fine.