7

I am trying to reinstall SSL on a domain where the previous certificate expired. I have removed the old certificate and I am attempting to install the new certificate I purchased from NameCheap in Web Host Manager per these instructions: http://wiki.spry.com/Installing_an_SSL_Certificate_in_WHM. My problem is whenever I am at Step 9, installing the SSL certificate I WHM tells me my private key and certificate do not match. I have attempted to recreate the CSR and certificate from a new private key multiple times all with the same result.

I don't know if this is relevant but if I use the self signed certificate WHM generated instead of the certificate I purchased the private key and certificate do match. Any ideas why the private key and certificate aren't matching?

alan
  • 71

3 Answers3

2

WHM attempts to find the appropriate private key to match the domain.

However, if multiple CSRs or private keys are installed for the domain, the system may not identify the correct private key.

To correct this, you can manually paste the correct private key into the boxes when installing.

You can find the various private keys on the server using the SSL Cert/Private Key manager link in WHM.

jeffatrackaid
  • 4,182
  • 21
  • 22
0

Try

openssl x509 -req -in server.csr -signkey server.key -out server.crt

taken from How to convert .csr to .cer (or whatever usable on Windows).

to get the crt file from a csr. By this, the error

CA certificate and CA private key do not match

disappeared.

Another error popped up afterwards, therefore, no guarantee that this helps, see Reach TimescaleDB with Hasura API: "CA certificate and CA private key do not match" when using self-signed server certificate / private key.

questionto42
  • 464
0

if the private key does not match you have to Reissue the certificate to generate a new private key and reinstall the certificate.

jeadbox
  • 1