Init: Can’t Open Server Certificate File

Every so often I need to update the SSL certificate on a CentOS box running Apache and when I do, lo and behold, I always run into this error:

[error] (13)Permission denied: Init: Can't open server certificate file /path/to/my/super/secret/ssl/cert.crt

The fix isn’t actually difficult or even hard to find, but I wanted to document it here as it’s one of my frequently forgotten linux commands (and just in case this article ever stops being on the front page of the googles).

If all of the configurations, permissions, and ownership is set up correctly for the certificate, but you’re still running into this issue, it’s likely selinux (Security-Enhanced Linux) that’s causing the problem. Try running ‘getenforce’ and if it returns as ‘enforcing’ you can try the following command:

chcon unconfined_u:object_r:httpd_config_t:s0 /path/to/my/super/secret/ssl/cert.crt

This will let the httpd daemon read the certificate file and allow Apache to start up as expected.