RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

winanjaya · February 19, 2018, 2:25pm

I am facing with apache error below:

[Mon Feb 19 21:13:59 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 19 21:13:59 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 19 21:18:30 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 19 21:18:30 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Centos 6.6

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
ServerName mydomain.org
ServerAlias www.mydomain.org
#Redirect / https://mydomain.org/
RewriteEngine on
RewriteCond %{SERVER_NAME} =mydomain.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=permanent]

ServerName mydomain.org ServerAlias www.mydomain.org DocumentRoot /var/www/html

ErrorLog /var/log/mydomain.org-error_log
CustomLog /var/log/mydomain.org-access_log common

<Directory “/var/www/html”>
#AllowOverride All
allow from all
Options None

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/mydomain.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/mydomain.org/chain.pem

please help
thanks a lot in advance

bytecamp · February 19, 2018, 2:37pm

Check for other SSLCertificateFile statements in your configuration:

$ grep -ri SSLCertificateFile /etc/apache2

Depending on where your configuration actually resides, you would have to change /etc/apache2 to the corresponding path.

mnordhoff · February 19, 2018, 3:19pm

That warning happens during TLS-SNI-01 validation. Unless it’s also happening at normal times, nothing is wrong.

winanjaya · February 19, 2018, 3:49pm

after modifying ssl.conf …I did not find such error, but I got new error:

Options FollowSymLinks or SymLinksIfOwnerMatch is off which implies that RewriteRule directive is forbidden: /var/www/html/wp-content/uploads/

what I missed?

<Directory “/var/www/html”>
allow from all
Options None

bytecamp · February 20, 2018, 9:03am

The message is clear: set Options +FollowSymlinks for /var/www/html

system · March 22, 2018, 9:03am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.