Apache2 certificates do not match

If your Apache2 is blocked (status inactive) because of an SSL certificate issue, this article may be the solution you are looking for.

You can occasionally run into a certificate mismatch: in other words, you are probably using a certificate that does not belong to the given private key.

This can happen especially if you renew your certificates manually; moreover, you can experience this issue when you use Certera or, more generally, Let's Encrypt certificates.

The symptoms are that the web server is not active (inactive) and none of your virtual hosts are reachable on ports 80 and 443.

Furthermore the web server (apache2 in our case) is not up and running.

How to deal with that?

Simple, use the right certificates!

How can I be sure about the certificate mismatching?

Simple again 🙂

You can use these commands:

openssl x509 -noout -modulus -in cert.pem | openssl md5
openssl rsa -noout -modulus -in privkey.pem | openssl md5

The certificate and the private key match when both commands print the same MD5 string.
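The modulus comparison above only works for RSA keys. As an added example (not part of the original article), the function below goes one step further and compares the public key itself, so it also covers ECDSA keys. The file names and the throwaway keys and certificate created by make_sample are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. All file names are placeholders.

# SHA-256 of the DER form of a PEM public key read from stdin.
spki_hash() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

# 0 = certificate and private key belong together, 1 = mismatch,
# 2 = one of the files could not be read or parsed.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$(printf '%s\n' "$cert_pub" | spki_hash)" = "$(printf '%s\n' "$key_pub" | spki_hash)" ]
}

# Constructed sample data in directory $1: two throwaway P-256 keys and a
# self-signed certificate for the first one (an assumption for the demo only).
make_sample() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/privkey.pem" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/other.pem" 2>/dev/null &&
    openssl req -new -x509 -key "$1/privkey.pem" -subj "/CN=example.test" \
        -days 1 -out "$1/cert.pem" 2>/dev/null
}

demo() {
    local dir
    dir=$(mktemp -d) || return 1
    make_sample "$dir" || { rm -rf "$dir"; return 1; }
    cert_matches_key "$dir/cert.pem" "$dir/privkey.pem" && echo "privkey.pem: match"
    cert_matches_key "$dir/cert.pem" "$dir/other.pem" || echo "other.pem: MISMATCH"
    rm -rf "$dir"
}
demo
```

Against the files from the article, the call is `cert_matches_key cert.pem privkey.pem`; a return code of 2 means a file could not be parsed, which is a different problem from a mismatch.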

Useful details and references

Note that your certificate can have .crt extension rather than the .pem one.
Also the privkey.pem can have a different name with .key extension.

To check if your apache2 is working correctly (i.e. status active) you can run this command:

systemctl status apache2

To check for errors, you can follow the Apache logs with this command:

tail -f /var/log/apache2/*.log

The solution was inspired by this very useful article on Digicert.com.

Certera.io notification via Slack webhook on Rocketchat

Certera is software that allows you, as a sysadmin, to centralize the issuance and distribution of SSL certificates for your websites and applications.

If you landed here, it's probably because you need to go deeper into a topic such as notifications from Certera when something goes wrong or, more often, when a certificate is about to expire.

An easy and effective way to get notifications from Certera is in your Slack chat via a webhook, but what happens if you or your company use Rocket Chat as your instant messaging system?

I personally opened a ticket (feature request) with the Certera developers (who are very reactive) in which I asked for a RocketChat integration for Certera.io.

I’m sure they will solve it soon, but meanwhile I will give you some hints to get things done with the Slack webhook, translating the request from Slack to RocketChat.

Let’s begin then.

Step 1 – Create a Rocketchat webhook

  • Go to Admin panel -> Integration
  • Create an Incoming Webhook dedicated to Certera
  • Configure it
  • Activate the script and paste in the following code (taken from the Rocket.Chat Integrations page)
/* exported Script */
/* globals console, _, s */

/** Global Helpers
 *
 * console - A normal console instance
 * _       - An underscore instance
 * s       - An underscore string instance
 */

class Script {
  /**
   * @params {object} request
   */
  process_incoming_request({ request }) {
    // request.url.hash
    // request.url.search
    // request.url.query
    // request.url.pathname
    // request.url.path
    // request.url_raw
    // request.url_params
    // request.headers
    // request.user._id
    // request.user.name
    // request.user.username
    // request.content_raw
    // request.content

    // console is a global helper to improve debug
    console.log(request);

    return {
      content:{
        text: request.content.blocks[0].text.text + "\n" +  request.content.blocks[1].text.text
        // "attachments": [{
        //   "color": "#FF0000",
        //   "author_name": "Rocket.Cat",
        //   "author_link": "https://open.rocket.chat/direct/rocket.cat",
        //   "author_icon": "https://open.rocket.chat/avatar/rocket.cat.jpg",
        //   "title": "Rocket.Chat",
        //   "title_link": "https://rocket.chat",
        //   "text": "Rocket.Chat, the best open source chat",
        //   "fields": [{
        //     "title": "Priority",
        //     "value": "High",
        //     "short": false
        //   }],
        //   "image_url": "https://rocket.chat/images/mockup.png",
        //   "thumb_url": "https://rocket.chat/images/mockup.png"
        // }]
       }
    };

    // return {
    //   error: {
    //     success: false,
    //     message: 'Error example'
    //   }
    // };
  }
}

Configure and activate everything.

Step 2 – Put the webhook URL into the Certera.io admin web panel

On the Certera.io notification page you will find the Slack webhook URL field: enter the webhook URL you created on the Rocket.Chat side and activate the notification.

Done!

Explanation

You have certainly noticed that most of the source code is commented out (//); in fact, the most important part of the code is:

        text: request.content.blocks[0].text.text + "\n" +  request.content.blocks[1].text.text

This code translates the payload of the POST request that Rocket.Chat receives via the webhook.

The “translation” is done according to the template I found in Certera.io source code.