• 9
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

Here is what happened:

I generate the CSR via the MediaTemple site (that is the only way to do it. since a GS is a share server). Send it over the namecheap.com (its signed by RapidSSL).

When I got back the certificate and CA. Tried to import it back the media temple. I get the

"Key do not match" error.

Contact both support. They just keep pushing the blame to the other. namecheap.com say there is an RSA key generate (which I do not have access to). And media temple just blame other people outright without even trying to explain what could have gone wrong.

My question is:

  1. Anyone has the same problem?

  2. What could be the cause of this error?

Thanks

Joel Chu, I don't know if this helps you but maybe, and I hope to help other MediaTemple users. I spent all day long trying to config a certbot-generated certificate on a MediaTemple GridServer shared host, but this should work with Acme PHP and other generators as well:

The solution, undocumented as far I can tell:
1. paste the fist certificate generated on fullchain.pem on the Certificate field.
2. paste the second certificate generated on fullchain.pem on the CA /Chain certificate field.
3. paste the key generated on privatekey.pen but with a detail on first and last lines.
They MUST have the RSA keyword:

Replace the existing -----BEGIN PRIVATE KEY----- (or whatever is in the file)

with:

-----BEGIN RSA PRIVATE KEY-----

You must do the same for the last line. It should read:

-----END RSA PRIVATE KEY-----

After that I was able to add a certificate to my domain, and it is accepted by MT.

Hope this helps

  • 4
Reply Report
    • @mr-euro Nice catch on the bottom line. I specifically wrote to MT to tell them this was missing from their documentation. I haven't looked, but if they haven't added it anywhere by now, I suspect they leave it out on purpose to sell more SSL certs.
    • This was the exact issue we were having. Added "RSA" in between as described and the key/certificate combo was accepted promptly. Just remember that you need to add "RSA" as well to the bottom line in the key. Incredible that Mediatemple does not clarify this somewhere...

I have similar issue pretty often but that is because I'm generating a lot of certificates manually and singing them with an internal CA.

The cause of the issue is pretty straightforward: the private key that your server has kept doesn't match the public key embedded within your certificate.

The most common cause of this error is, by far, an operator error, sometimes made worth by poorly designed software. Basically, what often happens is that you generate a key pair and a CSR (Certificate Signing Request), send the CSR and then re-generate a new key pair. If the software is too dumb to remember more than one key, then it will lose the previously generated private key.

The solution for these kind of issues, if you're unwilling to simply outsource the job to the server operator. is to generate everything locally (using OpenSSL is the best option) and be careful about the private key you generate (I use a local Mercurial repository for this, which allows me to keep track of what was generated when and, if necessary, go back in time). Once you have the signed certificate, you it, along with the private key, to the server.

  • 2
Reply Report
    • The problem as I stated is the fact that I don't have access to the server (its a share) so everything must be done through Mediatemple website. Which I suspect is the cause of problem. I can only genearte one CSR at a time. But it doesn't really tell me which is what and which etc. Again Mediatemple is just pushing the ball to others.
      • 2
    • I'm afraid there is no magic bullet here. Open a support ticket, politely ask them what solution is available and if there is a supported way to use your own cert and private key.
    • Its been 2 weeks. I open 4 tickets so far. Each time they just copy and paste me the same line "As the certificate is signed by a third party. We can not help." WT*! I am terminating the contract (But note here - they will not give me any refund! So I am the one who lose out. ) If they charge a reasonable amount for the SSL cert. I will go with them. But they asking for $80 a year
    • Then maybe you should pick another hoster. But you have to know that you usually get what you are paying for: picking the cheapest provider is not always the best solution (or the cheapest in the end).
      • 1
    • Well, this is funny. MediaTemple is regard as the Apple of hosting (as well as the price). so I am not sure what you are implying. And do you really know what you are talking about here? I am asking a share host problem but you are telling me a manage host. Which BTW, I have no problem to configure a data centre if I want to. The question was is there anyone out there have the same problem with this particular hosting company - which is mediatemple.net

I had the same problem and solved it by re-issuing the certificate and being careful to not close the mediatemple tab that I had used to generate the CSR request. Once I received my new certificate, I used that same tab to navigate back and import the certificate.

The first time I did it (and got this error) I had closed the mediatemple CSR tab, (and possibly even reloaded it before doing so) which might have caused the mediatemple software to generate a new key causing the key mismatch.

  • 0
Reply Report

Trending Tags