Got two nodes with a failover IP.
The A record machine.domain.com points to that failover IP.
I have generated a letsencrypt-auto -d machine.domain.com certificate on the master node.
On the master node all is working well.
On the slave node I have SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch and apache doesn’t start.
Keys and Apache confs reside on a DRBD volume shared between the two nodes.
If I disable ssl apache starts without problems.
The output of these two commands is not sensitive (although sharing it will allow someone to determine your domain name). The important question is whether the two commands give exactly the same output.
I wonder why everything works perfectly on the master and breaks on the slave while all conf files of Apache and certs are on the common shared DRBD volume.
On the master:
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf:#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/asterisk/keys/VERY.secret-machine.name.crt
/etc/httpd/conf.d/ssl.conf:#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
/etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/asterisk/keys/VERY.secret-machine.name.key
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateChainFile at a file containing the
/etc/httpd/conf.d/ssl.conf:# the referenced file can be the same as SSLCertificateFile
/etc/httpd/conf.d/ssl.conf:#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
/etc/httpd/conf.d/ssl.conf:SSLCertificateChainFile /etc/asterisk/keys/VERY.secret-machine.name.pem
On the slave:
grep -r SSLCertificate /etc/httpd/
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf:#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/asterisk/keys/VERY.secret-machine.name.crt
/etc/httpd/conf.d/ssl.conf:#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
/etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/asterisk/keys/VERY.secret-machine.name.key
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateChainFile at a file containing the
/etc/httpd/conf.d/ssl.conf:# the referenced file can be the same as SSLCertificateFile
/etc/httpd/conf.d/ssl.conf:#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
/etc/httpd/conf.d/ssl.conf:SSLCertificateChainFile /etc/asterisk/keys/VERY.secret-machine.name.pem
Found that in /etc/httpd/conf.d/schmoozecom.conf the names for the http virtualhosts are the ones of the main node... How can I make it so that those are equal to the https one?
I’m sorry to say that I don’t really have any other suggestions about how to make your configurations equivalent; I’m not familiar with this synchronization method but it looks like most of the relevant files are exactly the same. Is /etc/httpd not automatically synchronized in its entirety between the two machines?
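A check for the condition behind the "key values mismatch" error, added here as an example and not taken from any post in this thread: it reads the active SSLCertificateFile and SSLCertificateKeyFile paths from an Apache config and compares the public key in the certificate with the one derived from the private key. The function names are hypothetical, and it assumes one active directive pair per file, unencrypted PEM files and paths without spaces.

```shell
#!/bin/sh
# Added example (not from the thread). Only public-key hashes are printed,
# never private key material.

# Print the path given to the last active (uncommented) directive $1 in file $2.
directive_path() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); p = $2 }
                   END { if (p != "") print p }' "$2"
}

# SHA-256 of a PEM public key passed as $1, for comparing output across nodes.
fingerprint() {
    printf '%s\n' "$1" | openssl dgst -sha256 | awk '{ print $NF }'
}

# Return 0 if the cert and key named in Apache config $1 belong together,
# 1 on mismatch, 2 if a file is missing or cannot be parsed.
check_pair() {
    crt=$(directive_path SSLCertificateFile "$1")
    key=$(directive_path SSLCertificateKeyFile "$1")
    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        echo "cannot read cert '$crt' or key '$key'" >&2
        return 2
    fi
    # Public key embedded in the certificate (first cert if the file is a chain).
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    echo "cert pubkey sha256: $(fingerprint "$cert_pub")  ($crt)"
    echo "key  pubkey sha256: $(fingerprint "$key_pub")  ($key)"
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] && return 0
    echo "MISMATCH: this pair triggers X509_check_private_key in Apache" >&2
    return 1
}

# Stand-alone use: sh check_pair.sh /etc/httpd/conf.d/ssl.conf
if [ "$#" -gt 0 ]; then
    check_pair "$1"
fi
```

Running it on both nodes and comparing the printed hashes shows whether each node is actually reading the same certificate and key.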