macOS Apache error

My domain is:

Although I have about 10 domains total on the server. is the ServerName as listed in httpd.conf.

I ran this command: sudo apachectl start

It produced this output:

[Sat May 19 04:13:58.463006 2018] [ssl:emerg] [pid 11959] AH02572: Failed to configure at least one certificate and key for
[Sat May 19 04:13:58.463406 2018] [ssl:emerg] [pid 11959] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sat May 19 04:13:58.463416 2018] [ssl:emerg] [pid 11959] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed

My web server is (include version): Apache (installed using Brew)

The operating system my web server runs on is (include version): Mac OS High Sierra 10.13.3

My hosting provider, if applicable, is: self-hosted macmini

I can login to a root shell on my machine (yes or no, or I don’t know): yes

sudo ls -l /etc/letsencrypt/live/ produces:

total 40
-rwxr-xr-x  1 root  wheel  682 May 18 11:21 README
lrwxr-xr-x  1 root  wheel   34 May 18 11:21 cert.pem -> ../../archive/
lrwxr-xr-x  1 root  wheel   35 May 18 11:21 chain.pem -> ../../archive/
lrwxr-xr-x  1 root  wheel   39 May 18 11:21 fullchain.pem -> ../../archive/
lrwxr-xr-x  1 root  wheel   37 May 18 11:21 privkey.pem -> ../../archive/

the apache user:group in httpd.conf is pipper:staff, if that matters.

I’m stumped. The server runs fine without SSL enabled.



Hi @dennispipper,

Could you post the Apache configuration file for this virtual host? It might be missing one or more lines that should be pointing at these PEM files.

Please show:
grep -Eri 'ServerName|ServerAlias' /etc/apache2
or (depending on your version of Apache)
grep -Eri 'ServerName|ServerAlias' /etc/httpd/

@schoen here is the vhosts file for this domain, all the domains on the server look pretty much the same, though.

<VirtualHost *:80>
    DocumentRoot /Users/pipper/Sites/Default
     ErrorLog /usr/local/var/log/httpd/error_log
    CustomLog /usr/local/var/log/httpd/access_log common

<VirtualHost *:443>
    DocumentRoot /Users/pipper/Sites/Default
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/

@rg305 here is what I have:

spartn:~ pipper$ grep -Eri 'ServerName|ServerAlias' /usr/local/bin/httpd
Binary file /usr/local/bin/httpd matches

grep through the folder that has the vhost config file(s).

What folder are they in?

The vhosts files are in the /usr/local/etc/httpd/extra/vhosts. The vhosts file can be read, because the sites load on port 80 without the Include statement for the httpd-ssl in the httpd.conf

Please show:
grep -Eri 'ServerName|ServerAlias|VirtualHost|Listen' /usr/local/etc/httpd/extra

It returned quote a few lines, so I’ve put it in a text file in the “cloud”:

Ok, please post the contents of these blocks:

/usr/local/etc/httpd/extra/httpd-ssl.conf:<VirtualHost _default_:443>

/usr/local/etc/httpd/extra/httpd-vhosts.conf:<VirtualHost *:80>
/usr/local/etc/httpd/extra/httpd-vhosts.conf: ServerName
/usr/local/etc/httpd/extra/httpd-vhosts.conf: ServerAlias

/usr/local/etc/httpd/extra/vhosts/_default.conf:<VirtualHost *:80>
/usr/local/etc/httpd/extra/vhosts/_default.conf: ServerName
/usr/local/etc/httpd/extra/vhosts/_default.conf: ServerAlias

and the contents of this file:

and also this output:
grep -Ri include /usr/local/etc/httpd/

In a number of other threads, an Apache VirtualHost _default:443 has turned out to be the problem somehow (for example maybe here it doesn't have a certificate assigned in that virtual host?).

Yes, I’m also leaning in that direction.
Just a bit more methodically and ever so deliberate in showing why we decided to look there.

Included in this link:

I can’t find any overlap…….

1 Like

I don’t understand the _default_ thing very well, but it seemed like some other users solved their problems by completely commenting out a _default_ virtual host.

1 Like

@schoen @rg305 removing the _default did it! Everything works like a champ now

Thank you for your help. I am very grateful


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.