ASN1_CHECK_TLEN:wrong tag, ASN1_ITEM_EX_D2I:nested asn1 error

Generated a certificate and now apache will not start, an produces these errors.

error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

hi @roosit

as this is a forum the more infromation you provide the more likely you are to get a useful answer

Please fill out the fields below so we can help you better.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):


certbot certonly --webroot -w /var/www/html/ --preferred-challenges http -d xxxxx.xx

I can remember it said something like successful

CentOS6 updates installed and httpd-2.2.15

(I think it is improper to mention the domain on a public forum, without permission of the client, maybe this is helpful Sep 10 23:09 cert1.pem, Sep 10 23:09 privkey1.pem CEST)

Hi @roosit,

If you use certbot certonly, it doesn’t try to change your Apache configuration; that’s what the certonly part means. So, did you also edit your Apache configuration file in order to create a new HTTPS VirtualHost and point it at the newly-generated certificates? This error could result from swapping which directive goes with which file in /etc/letsencrypt/live (like pointing the certificate at the key or the key at the certificate or something).

I think you are right. I tried again copying the crt and key to their /etc/pki/tls locations, and looks like it is now ok. Maybe some typo.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.