Hi, I'm using acme.sh to create a certificate for an apache server on fedora35 and have received an odd error message after replacing the current cert created with certbot with this one.
AH02572: Failed to configure at least one certificate and key for arcade.example.com:443
SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
This is a drop-in replacement for a cert that was created by certbot and working just fine with this same apache config.
The command I have run is the following. It's using the dns_cf plugin. I've excluded the CF_Account_ID and CF_Email variables, but it did result in a valid cert. I've also verified it with openssl to be sure it contains the same name as I am installing.
./acme.sh --log --issue --dns dns_cf -d arcade.example.com
Here is my apache config. Outside the virtual host I have the following:
# modern configuration, tweak to your needs
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AE
S128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(128000)
Inside the virtual host I have the following:
SSLEngine on
SSLCertificateKeyFile /etc/letsencrypt/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/fullchain.pem
The fullchain.pem is the fullchain.cer file generated by acme.sh and privkey.pem is arcade.example.com.key.
I'm not sure what more info I can provide to troubleshoot this. I've done quite a bit of experimenting and reading, but haven't really found any tips on how to fix it.