2

I installed a new SSL certificate signed by our own Certificate Authority. Apache will not start, with the error:

SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

I have verified the key and cert do match, so the error message is wrong. I have tried with and without the SSLCaCertificateFile directive. How do I fix this?

diff <(openssl rsa -in KEY -modulus -noout) <(openssl x509 -in CERT -modulus -noout) 

produces no output, which I believe is correct.

The commands used to make the certificates:

Create a CA:

openssl genrsa -des3 -out ca.key 4096 

Self-sign the CA:

openssl req -new -x509 -days 1826 -key my.key -out my.crt 

Generate a server key:

openssl genrsa -out server.key 2048 

Create a CSR for the new key:

openssl req -new -key server.key -out server.csr 

Create a certificate from a CSR:

openssl x509 -req -in server.csr -CA my.crt -CAkey my.key -out server.crt -days 1820 
4
  • What did you do to verify that the public and private key files match? Commented Sep 11, 2013 at 3:43
  • I used an online tool that checks to see if they match. Commented Sep 11, 2013 at 4:25
  • I just created a new key, csr and signed a new cert. Same error. Commented Sep 11, 2013 at 4:36
  • I just started over with a brand new CA, new server certs and everything, and still get this error. Commented Sep 11, 2013 at 4:56

2 Answers

2

I had more than one vhost file with SSL enabled.

For the second host, I didn't care about matching the domain because it was for private use. If you have more than one vhost with SSL on a single IP, you have to update the certificates in all of them at the same time, apparently.
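
Since this answer traces the error to a second SSL vhost, a check of one key/cert pair is not enough. The script below is an added example, not part of the original answer: it checks every vhost in the given config files and goes beyond the RSA modulus comparison in the question by comparing public keys. The function names are hypothetical, and it assumes absolute paths without spaces and does not follow Include directives.

```shell
#!/bin/sh
# Added example: compare certificate and key for every SSL vhost, not just one.

# check_pair CERT KEY -> prints OK, MISMATCH or UNREADABLE.
# Compares the public keys, so it works for RSA and EC keys alike.
check_pair() {
    cp_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
        { echo UNREADABLE; return 0; }
    # -passin pass: stops openssl prompting; an encrypted key shows as UNREADABLE.
    cp_key=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) ||
        { echo UNREADABLE; return 0; }
    if [ "$cp_cert" = "$cp_key" ]; then echo OK; else echo MISMATCH; fi
}

# list_pairs FILE... -> one "file:line<TAB>cert<TAB>key" row per SSL vhost.
# Assumes absolute paths without spaces; Include directives are not followed.
list_pairs() {
    awk '
        tolower($1) ~ /^<virtualhost/ { start = FNR; cert = key = "" }
        tolower($1) == "sslcertificatefile"    { gsub(/"/, "", $2); cert = $2 }
        tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); key = $2 }
        tolower($1) ~ /^<\/virtualhost/ && cert != "" {
            # Apache accepts a key stored in the certificate file itself.
            if (key == "") key = cert
            printf "%s:%d\t%s\t%s\n", FILENAME, start, cert, key
        }
    ' "$@"
}

# check_vhosts FILE... -> one status line per vhost; non-zero if any is not OK.
check_vhosts() {
    cv_rc=0
    cv_tab=$(printf '\t')
    cv_pairs=$(list_pairs "$@")
    while IFS="$cv_tab" read -r cv_where cv_cert cv_key; do
        [ -n "$cv_where" ] || continue
        cv_status=$(check_pair "$cv_cert" "$cv_key")
        echo "$cv_status $cv_where cert=$cv_cert key=$cv_key"
        [ "$cv_status" = OK ] || cv_rc=1
    done <<EOF
$cv_pairs
EOF
    return "$cv_rc"
}
```

Run it as `check_vhosts` followed by the vhost files Apache loads; each vhost is reported with the file and line where its block starts.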

-1

Make sure you supply the whole chain of certificates. You can also try to combine them in one .pem as described here