SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch – If you got this error when you try to Install a SSL Certificate on NGINX server, it mean that your cert and private key mismatch. The modulus should match. Make sure you have correct key. If you are sure about the private key, then the very common wrong here is wrong ca-bundle file. Make sure you have correct ca-bundle file. Ca-bundle file is a file contain your cert (at the very first of ca-bundle file) and ca-bundle from Certificate issuer.
What is CA bundle?
CA bundle is a file that contains root and intermediate certificates. The end-entity certificate along with a CA bundle constitutes the certificate chain.
The chain is required to improve compatibility of the certificates with web browsers and other kind of clients so that browsers recognize your certificate and no security warnings appear.
Comodo may send you a complete CA bundle in a zip file with a *.ca-bundle extension or root and intermediate certificates separately.
In case you have received the intermediate and root certificates as separate files, you should combine them into a single one to have a complete CA_bundle. But since the certificates in the CA bundle should be in a particular order, it could be not clear what the correct sequence of root and intermediate certificates is.
For example, you have received Comodo’s PositiveSSL in zip. There could be three files: yourdomain.crt, COMODORSADomainValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt and AddTrustExternalCARoot.crt. While, obviously, yourdomain.crt is a public certificate issued for your domain name, it could be not clear how to create a correct CA bundle for it with the other two files.
If you follow my instruction on post install a SSL Certificate on NGINX server, you will not get any error like this.
You can test to see what the cert thinks it represents by running. Make sure to cd to the cert folder.
openssl x509 -noout -text -in yourcert.cert
If everything is ok, then you should check the ca-bundle file. Follow step to make Ca-bundle file i notes in the previous post when install a SSL Certificate. Or you can try to do as follow link:
How do I make my own bundle file from CRT files?
How to fix?
Just fix the CA – Bundle file and it should be OK or make sure you have correct private key file