Apache SSLCertificateFile error: Does not exist or is empty

Today, I went back to check again at SELinux. Well, that was the problem. Yesterday, I was disabling SELinux; however, as that is a live server, I was rushing from one test to another, and had to have a secondary issue there, while testing SELinux (not properly moved all folders/symlinks, …). After disabling SELinux http started fine.

So, to reflect on the "that would be a first in digital history" comment, it is always like that, if the issue is above your paygrade. Whatever you were pointing to was fine. Those files were diff-identical, ls-identical, openssl-identical. Actually, those files were 'ls -la' identical, but not 'ls -Z' identical (-Z provides SELinux info for a given file).

In this post:

@JuergenAuer and @sahsanu endorse using tar to move certs from one server to another, as tar preserves all permissions, ownerships. This is exactly what I did. However, SELinux is recognizing such files as coming from a different server, and unless told to ignore that, will basically stop http from starting (using those files). Maybe it would be worthwhile to amend that post to mention potential issues with SELinux.

Thank you for helping me to resolve this issue and learn a bit about SELinux, Jacek

3 Likes