When uploading your certificate and private key files to Ambassador, there are several potential errors you may encounter if the files are not formatted correctly. We recommend reviewing this support article to ensure your files are formatted appropriately: SSL Certificate and Key File Resources
Outside of formatting, other common issues that may cause an error include:
Utilizing the same domain for the custom short domain and custom domain in the portal. Please note, the CNAME for the custom short domain must point to mbsy.co while the custom domain for the portal must point to portals.getambassador.com.
Invalid expiration dates for your certificate and key files.
What does my custom domain error mean?
If an error message is thrown, it will show in the top-right corner of your screen. The list below contains some of the more common errors you may encounter and how to remedy them.
Error: The certificate file provided does not contain any certificates. The file you have uploaded may have content, but if there are no certificate chains that begin with “-----BEGIN CERTIFICATE-----” and end with “-----END CERTIFICATE-----” then our system cannot upload the certificate and you’ll receive this error message. Please note, if you need further guidance on the differences in certificate types and how to convert them, checkout this external resource.
Error: Private key file does not contain a key. The file you have uploaded may have content, but if there is no key that begin with “-----BEGIN RSA PRIVATE KEY-----” and end with “-----END RSA PRIVATE KEY-----” then our system cannot upload the certificate and you’ll receive this error message.
Error: Private key does not match certificate(s) provided. When you request an SSL certificate from a Certificate Authority (CA) using your private key and certificate signing request, the private key you provide to the CA is used to "sign" the final certificate that they send back to you. When uploading your certificate to Ambassador, this error means that the "signature" of the certificate you uploaded did not match the key you uploaded.
Error: Private key file must be in PEM format and cannot be password protected. Our system can only read key files that are not password protected. Please note, if you need more information on how to remove the password from your key file, check out this external article from madboa.com.