Monday, November 14, 2022

Nginx ssl X509 check private key values mismatch

 

SYMPTOMS

nginx[100845]: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/letsencrypt/xxx.com/private.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

ROOT CAUSE

I tried to combine ca_bundle.crt and certificate.crt into a new certificate.crt, but I mixed the order up.

  • wrong version
cat ca_bundle.crt certificate.crt > jfrog_certificate.crt
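  • verify that the certificate and the private key match (the hashes differ, because openssl x509 reads only the first certificate in the file, which here comes from ca_bundle.crt).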
# openssl x509 -noout -modulus -in jfrog_certificate.crt | openssl md5
(stdin)= 4a3cdea116805b67e64ff1a29f2ae8ed
# openssl rsa -noout -modulus -in private.key  | openssl md5
(stdin)= afdb98a0c92f175c86af2d241adb215f

Solution

Change the order and create the new certificate.crt again. nginx expects the server certificate first in the file, followed by the CA bundle.

  • correct version
cat certificate.crt ca_bundle.crt  > jfrog_certificate.crt
  • verify that the certificate and the private key match (the hashes are now identical).
# openssl x509 -noout -modulus -in jfrog_certificate.crt | openssl md5
(stdin)= afdb98a0c92f175c86af2d241adb215f
# openssl rsa -noout -modulus -in private.key  | openssl md5
(stdin)= afdb98a0c92f175c86af2d241adb215f
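
Added example (not part of the original post): the modulus comparison above works only for RSA keys and looks only at the first certificate in the file. The script below compares public keys instead and reports the position of the matching certificate in the bundle, so a swapped order is flagged directly. The function names are made up for this example; it assumes the openssl CLI and an unencrypted private key.

```shell
#!/bin/sh
# Added example: find which certificate in a PEM bundle matches a private key.
# Assumes the openssl CLI and an unencrypted key; function names are illustrative.

# Print the Nth (1-based) certificate of PEM bundle $1.
nth_cert() {
    awk -v n="$2" '
        /-----BEGIN CERTIFICATE-----/ { i++ }
        i == n { print }
        /-----END CERTIFICATE-----/ && i == n { exit }
    ' "$1"
}

# Echo the position of the certificate in bundle $1 whose public key matches
# private key $2, or 0 when none does. Comparing public keys (not RSA moduli)
# also covers EC keys.
matching_cert_index() {
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || key_pub=""
    [ -n "$key_pub" ] || { echo 0; return 0; }
    total=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
    i=1
    while [ "$i" -le "${total:-0}" ]; do
        cert_pub=$(nth_cert "$1" "$i" | openssl x509 -noout -pubkey 2>/dev/null) || cert_pub=""
        if [ "$cert_pub" = "$key_pub" ]; then echo "$i"; return 0; fi
        i=$((i + 1))
    done
    echo 0
}

# Succeed only when the FIRST certificate matches the key, since that is the
# one nginx pairs with the private key.
check_bundle() {
    idx=$(matching_cert_index "$1" "$2")
    case "$idx" in
        1) echo "OK: first certificate in $1 matches $2" ;;
        0) echo "FAIL: no certificate in $1 matches $2"; return 1 ;;
        *) echo "FAIL: matching certificate is #$idx in $1; it must come first"; return 1 ;;
    esac
}

# Usage: sh check_bundle.sh jfrog_certificate.crt private.key
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```

Running it before `nginx -t` on a freshly concatenated file catches the swapped order without having to interpret two hashes by eye.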

P.S

CA bundle is a file that contains root and intermediate certificates. The end-entity certificate along with a CA bundle constitutes the certificate chain.
