Apache failed to start after SSL config change. No errors. Please help

Question

Website(s) were up. I changed my config files in sites-enabled, then ran:

apache2ctl configtest

Got: Syntax OK

Then ran:

apache2ctl graceful

Got returned to the command prompt. No messages. The websites went down, did not restart. Also, I wasn't prompted for a passphrase which I should have been since my key has it.

So I put back the old configs (quickly) and restarted.

Does apache2ctl graceful not support the passphrase ? No error messages were in error.log files. Just "[notice] Graceful restart requested, doing restart", then nothing.

UPDATE 7/8 : After searching other error logs (previously just checked main one), I found this:

SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

Answer 1

Do a full restart, not a graceful one. Your change to have the private key unencrypted should also work.

Conceptually, I can't imagine the apachectl process being able to prompt for a new passphrase for a startup when the main process is only being sent signals by apachectl, not being spawned by it.

In more concrete terms - this 7-year-old posting on a bug report confirms that the behavior that you're seeing is expected - sorry, couldn't find anything more recent confirming that the issue still exists in current apache versions, but it fits.