Self hosted CA SSL certs (wildcard) causes error

Hi,

I have a self-hosted CA … and from there created a wildcard for my domain (which isn’t a valid TLD so no LetsEncrypt for me). I have tried just providing the wildcard cert + key … I have also tried providing the partial chain (CA + wildcard) as the cert + key, full chain (CA + issuer + cert) and the key; however, on startup I get:

homeassistant.exceptions.HomeAssistantError: Could not use SSL certificate from ssl/chain.pem: [X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:3895)

A) Is there a weird requirement for the order of the certs or are wildcard certs not acceptable?
B) Is there a utility that I can use to test combinations with rather than reboot my whole system on every test?

That error would mean you provided the wrong private key for the certificate.
The tool of choice for certificates is openssl, obviously, but you have web sites allowing you to validate your certificates/keys.

It’s a valid set … tested it with openssl. The same key and cert work on 10 other apps, machines, etc. that are in my lab.

Hello aram535,
Did you solve your issue?
I think I have the same problem…
Any help would be appreciated.
Regards,
Mathieu

Hi @Degermann - yes I followed Certificate Authority and self-signed certificate for SSL/TLS … for the fullchain.pem file the order is very important, and must be a valid chain.
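
For question B, a stand-alone check that needs no restart, added here as an example (not Home Assistant's code and not written by any poster in this thread). It assumes the `_ssl.c` error above comes from Python's `ssl.SSLContext.load_cert_chain` and repeats that call on the two files; the function names are illustrative.

```python
import re
import ssl
import sys

PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def pem_labels(path):
    """Return the PEM block types in file order, e.g. ['CERTIFICATE', 'CERTIFICATE']."""
    try:
        with open(path, encoding="ascii", errors="replace") as fh:
            return PEM_BEGIN.findall(fh.read())
    except OSError:
        return []

def check_pair(certfile, keyfile):
    """Load certfile + keyfile into a server-side SSLContext; return (ok, detail).

    OpenSSL takes the FIRST certificate in certfile as the server certificate
    and compares its public key with keyfile; the rest are chain certificates.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile, keyfile)
    except OSError as exc:  # ssl.SSLError and FileNotFoundError are both OSError
        return False, f"{type(exc).__name__}: {exc}"
    return True, "first certificate in the file matches the private key"

def diagnose(certfile, keyfile):
    """Return (ok, lines): the load result plus hints about the file layout."""
    ok, detail = check_pair(certfile, keyfile)
    lines = [detail]
    if not ok:
        labels = pem_labels(certfile)
        lines.append(f"PEM blocks in {certfile}: {labels or 'none found'}")
        if "KEY_VALUES_MISMATCH" in detail and labels.count("CERTIFICATE") > 1:
            lines.append("hint: put the server (wildcard) certificate first, "
                         "then the issuing CA certificates")
    return ok, lines

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} CERT_OR_CHAIN.pem KEY.pem")
    ok, lines = diagnose(sys.argv[1], sys.argv[2])
    print("\n".join(lines))
    sys.exit(0 if ok else 1)
```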