An improper SSL configuration in the Apache configuration file leads to the error "AH02572: Failed to configure at least one certificate and key".
As part of our Server Management Services, we regularly help our Customers to fix Apache-related errors here at Ibmi Media.
In this context, we shall look into the cause for this error and how to resolve it.
What triggers the Apache error "AH02572: Failed to configure at least one certificate and key"?
If Apache is configured to use the SSL module but is missing a TLS/SSL public certificate and the corresponding private key, it throws the error message ‘AH02572: Failed to configure at least one certificate and key’.
This error will allow Apache to start and it is usually found in Apache logs.
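To find which virtual host has SSL switched on without a certificate, the following added example (not code from the original article) scans Apache configuration text for `SSLEngine on` blocks that lack `SSLCertificateFile` or `SSLCertificateKeyFile`. The sample configuration and host names are constructed, and the check is simplified: it does not follow `Include` directives or test whether the referenced files exist.

```python
import re

DIRECTIVES = {"sslengine", "sslcertificatefile", "sslcertificatekeyfile"}

# Constructed sample configuration for illustration (not from the article).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName plain.example.test
</VirtualHost>
<VirtualHost *:443>
    ServerName good.example.test
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/good.pem
    SSLCertificateKeyFile /etc/ssl/private/good.key
</VirtualHost>
<VirtualHost *:8443>
    ServerName broken.example.test
    SSLEngine on
    # SSLCertificateFile /etc/ssl/certs/broken.pem
</VirtualHost>
"""

def audit_ssl_vhosts(conf_text):
    """Return (vhost, problem) pairs for SSL-enabled vhosts missing cert/key directives."""
    server_scope, vhosts, current = {}, [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blank lines and comments
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = (opened.group(1).strip(), {})
            vhosts.append(current)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = None
        else:
            name, *rest = line.split(None, 1)
            if name.lower() in DIRECTIVES:
                scope = current[1] if current else server_scope
                scope[name.lower()] = rest[0].strip().strip('"') if rest else ""
    findings = []
    for vhost, own in vhosts:
        merged = {**server_scope, **own}          # vhost settings override server scope
        if merged.get("sslengine", "off").lower() != "on":
            continue
        if not merged.get("sslcertificatefile"):
            findings.append((vhost, "SSLEngine on but no SSLCertificateFile"))
        elif not merged.get("sslcertificatekeyfile"):
            findings.append((vhost, "no SSLCertificateKeyFile; key must be in the certificate file"))
    return findings
```

A missing `SSLCertificateKeyFile` is reported separately because Apache accepts a private key stored inside the certificate file, so that finding needs a manual look rather than an automatic fix.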
Methods to fix the Apache error "AH02572: Failed to configure at least one certificate and key"
You can apply the following tips to resolve this error:
1. Configuring Let's Encrypt TLS Certificate
The first option is to configure Apache with a private key and a public certificate that is signed by a recognized Certificate Authority (CA). Let’s Encrypt is a free CA that you can use to issue a valid certificate. Moreover, its process is automated, and the scripts will configure Apache for you.
This approach ensures that traffic is encrypted properly and that web browsers and other HTTP clients trust your Apache server.
2. Create a Self-Signed Certificate
The second option is to create your own self-signed certificate for Apache. Normally, this approach is used in development and testing environments. You can also use this approach if your server is not directly connected to the internet.
3. Disable the SSL Module
The last option is to turn off Apache’s SSL module completely. This is not a preferable option, as the traffic to and from the server will not be encrypted. However, for local development or in a trusted environment, this approach is suitable.
Here is the command to disable Apache's SSL module on Ubuntu and Debian-derived systems:
$ sudo a2dismod ssl
On CentOS, Fedora, and RedHat-derived systems, here is the command to disable it:
$ sudo rm /etc/httpd/conf.modules.d/00-ssl.conf
After disabling the SSL module, run the command below to check whether the configuration is valid.
$ sudo apachectl configtest
A successful output must be received as shown below.
Now restart Apache. On Ubuntu and Debian-derived systems, run the following command:
$ sudo systemctl restart apache2.service
On CentOS, Fedora, and RedHat-derived systems, run the following command to restart Apache:
$ sudo systemctl restart httpd.service
If there are no more errors from the above command, then disabling the SSL module was successful.