"Cannot find a cert or key directive" error


i tried to use certbot with: certbot --apache -d kehrein.eu
This produced the following error:

Cannot find a cert or key directive in /files/etc/apache2/vhosts.d/kehrein-ssl.conf/IfDefine/IfDefine/VirtualHost. VirtualHost was not modified
Unable to find cert and/or key directives


  • Unable to install the certificate

my kehrein-ssl.conf is a copy of the template (only changed things like server name) and therefore has SSLEngine on, SSLCertificateFile and SSLCertificateKeyFile in it.

So i tried to create only the certificates using:
certbot-auto --apache certonly
which worked pretty well. Now i’ve got the certificates in /etc/letsencryt/live/kehrein.eu/*.
So i edited my kehrein-ssl.conf to

SSL Virtual Host Context

<VirtualHost *:443>

General setup for the virtual host

DocumentRoot "/srv/www/htdocs"
ServerName kehrein.eu
#ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log

SSL Engine Switch:

Enable/Disable SSL for this virtual host.

SSLEngine on

You can use per vhost certificates if SNI is supported.

SSLCertificateFile /etc/letsencrypt/live/kehrein.eu/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/kehrein.eu/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/kehrein.eu/fullchain.pem

Per-Server Logging:

The home of a custom SSL log file. Use this when you want a

compact non-error SSL logfile on a virtual host basis.

CustomLog /var/log/apache2/ssl_request_log ssl_combined

But when i try to open https://kehrein.eu in my browser (Safari) i get the Cant connect to server message
The software im using is apache 2.4.23 on opensuse 42.2 Leap


Can you paste your config at pastebin.com or place three tick marks ` before and after the paste so that the code isn’t interpreted by the forum software please.

Also, have you got any firewall or anything blocking access to port 443?


Thanks for your reply,
this is the /etc/apache2/vhost.d/kehrein-ssl.conf file:

and this is my /etc/apache2/listen.conf

Also this happens with a deactivated firewall as well.


You have a basic config there ( see https://mozilla.github.io/server-side-tls/ssl-config-generator/ for some more appropriate values ) . I suspect that the various components for https are not enabled on your server.

what is the operating System that apache is running on ?

Also, have you enabled the packages etc for SSL on that machine ?


im running Apache 2.4.23 on OpenSuSe Leap 42.2.

When i am running

sudo a2enmod ssl

i get as result:

“ssl” already present

So i guess ssl is enabled, or is there anything else to do?

Here you can find my current httpd.conf file


I think opensuse also uses flags - so you need " a2enflag SSL" and restart the apache server ( not just a reload ) if you haven’t done that,


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.