‘AH02572: Failed to configure at least one certificate and key’ error occurs due to improper SSL configuration.

Here at Bobcares, we have seen several such SSL related issues as part of our Server Management Services for web hosts and online service providers.

Today we’ll take a look at the cause for this error and how to fix it.

Why does ‘AH02572: Failed to configure at least one certificate and key’ error occur

If Apache is configured to use the SSL module and is missing a TLS/SSL public certificate and corresponding private key then it throws an error message ‘AH02572: Failed to configure at least one certificate and key’.

This error will allow Apache to start and it is usually found in Apache logs.

How we fix ‘AH02572: Failed to configure at least one certificate and key’ error

Now let’s how we can resolve this error message. We can resolve this error in three ways.

1. Configuring Let’s Encrypt TLS Certificate

The first option is to configure the Apache with a private key and public certificate that is signed by a recognized Certificate Authority (CA). Let’s Encrypt is a free CA using which you can issue a valid certificate. Moreover, its process is automated, and the scripts will configure the Apache for you.

This approach will ensure the traffic to be encrypted properly so that web browsers and other HTTP clients trust your Apache server.

2. Create a Self-Signed Certificate

The second option is to create your own self-signed certificate for Apache. Normally, this approach is used by development and testing environments. You can also use this approach if your server is not directly connected to the internet.

3. Disable the SSL Module

The last option is to turn off the Apache’s SSL module completely. This is not a preferable option as the traffic to and from the server will not be encrypted. However, in the case of local development or in a trusted environment this approach is suitable.

Here is the command to disable Apache’s SSL module on Ubuntu and Debian-derived systems

$ sudo a2dismod ssl

In case of CentOS, Fedora, and RedHat-derived systems, here is the command to disable it.

$ sudo rm /etc/httpd/conf.modules.d/00-ssl.conf

After disabling the SSL module, run the below command to ensure the configuration is valid or not.

$ sudo apachectl configtest

A successful output must be received as shown below.

~~
Output
Syntax OK
~~

Now restart the Apache. For Ubuntu and Debian-derived systems, run the following command

$ sudo systemctl restart apache2.service

CentOS, Fedora, and RedHat-derived systems, run the following command to restart Apache.

$ sudo systemctl restart httpd.service

If there are no more errors from the above command then disabling SSL module was successful.

[Need any assistance in fixing SSL errors? – We’ll help you]

Conclusion

In short, this error occurs due to improper SSL configuration. Today, we saw the solution to this error.