JakeTheDog420 wrote:zeknoss wrote:Hello everyone,
I tried this script and it worked, however now vesta service does not start and give this error:
Starting vesta-nginx: nginx: [emerg] SSL_CTX_use_PrivateKey_file("/usr/local/vesta/ssl/certificate.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
Why is this happening?
Exact same issue as you :/ everything worked for a while I believe over 24hours and now suddenly I get errr connection refused on the vestaCP and error if I try to restart vesta service manually via terminal!
have you had any success resolving this issue?
Managed to get it working (not sure if the fix is a permenant solution or if it just managed to get the control panel accessible again but hopefully at the bare minimum its repeatable if the issue persists until a full fix is found)
First step is to find a working set of SSL keys. I wasn't sure where to find these or but I re-issued my command v-add-letsencrypt-domain mydomain.com alias.mydomain.com serverip hoping that it would work.
Now when that didn't work and I saw the error was about an SSL mismatch my assumption was maybe the command is issuing new keys but not updating the server so the wrong keys were getting used...
The directory with the keys that are created upon the v-add command is /home/[USER]/[YOURDOMAIN]/conf/web/
Here you will find at least one .key and one .crt file.
I actually had 8files all with the SSL prefix.
Choosing which one to use felt like mostly guess work as it seems that it generated seperate ssl keys for each of my domains I specified even though one was a subdomain and the other was my server IP and they were supposed to be made as an alias.. I decided to go with my subdomain key and crt file.
I then proceeded to make a backup of the current SSL files vesta was referring to. I did this twice once locally on the server and then again externally on my local machine. I used SSH to make the backup files.
CD to /usr/local/vesta/ssl/
cp certificate.crt certificate.crt.bkup
cp certificate.key certificate.key.bkup
Then you can FTP into your server and go to the same directory and download either the original or the backup files to your local machine. They should be the same so eithers fine. Then proceed to delete the original cert.key and cert.crt files leaving only the .bkups on your server.
From here return to your SSH terminal session and change directory again if you're in the vesta/ssl directory back to your user directory which contains your SSL keys.
Simply copy them over using the cp command again example below:
cp subdomain.domain.com.crt /usr/local/vesta/ssl/certificate.crt
cp subdomain.domain.com.key /usr/local/vesta/ssl/certificate.key
This will create a copy with the correct name in the vesta ssl directory.
Last step is simply to restart the vestaCP service and prey that you get the OK on both nginx and vestaphp service's this time!
I can confirm this fixed my mismatch and allowed the vesta service to restart. Once restarted my serverIP:8083 was accessible again however displayed a SSL insecure warning showing the certificate is registered to my subdomain.
I can also confirm if I access the vesta control panel via subdomain.domain.com:8083 I go straight to the login page and see a green padlock confirming the page is being loaded securely.
Hopefully this fixes it if anyone else runs into similar problems! Shame this forum isn't more active I feel like vesta has a lot to offer but without an active community many people probably move to cpanel or possibly even other free options with more active communities.. Anyway I'll post this in the other places I saw similar issues where I posted looking for help here so maybe it can help others (Y)