Lighttpd

Hi everyone,

I run one site that needs HTTPS, so I had to buy a year ago a certificate from Geotrust, nothing wrong happened. I wrote the steps I took in the key and CSR generation process, so the steps I took were the same.
Now that the certificate is about to expire, I needed to renew it, and the steps I took were these (I replaced domain.ext for the real domain name):

1) openssl genrsa -des3 -out www.domain.ext.key 1024

asked for a key passphrase, and I gave it a 32 chars one

2) openssl req -new -key www.domain.ext.key -out www.domain.ext.csr

I submitted the .csr to Geotrust and they gave me a CRT, when copying and pasting the CRT into a file I respected line endings and I'm sure 100% it's everything unix and no unicode.
When I was asked for the Common Name I entered the domain name, with the "www." included, that is, www.domain.ext.

3) cp www.mydomain.ext.key www.mydomain.ext.key.orig && openssl rsa -in www.mydomain.ext.key.orig -out www.mydomain.ext.key

I copied the original key to the .orig file, then removed the key encryption so lighttpd doesn't asks for the pass when starting.

4) now with the new "passwordless" key, I proceeded to chain both, key and crt to a single .pem file that lighttpd needs:

cat www.domain.ext.key www.domain.ext.crt > www.domain.ext.pem

5) now with the .pem file, I downloaded the Intermediate Certificate from Geotrust and configured lighttpd this way:

$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/srv/lighttpd/etc/certs/www.domain.ext.pem"
ssl.ca-file = "/srv/lighttpd/etc/certs/GTPCA.cer"
}

6) When I proceed to start the webserver, it throws this error:

2009-05-06 18:40:19: (network.c.377) SSL: Private key does not match the certificate public key, reason: error:0906D064:PEM routines:PEM_read_bio:bad base64 decode /srv/lighttpd/etc/certs/www.domain.ext.pem

One thing to note is that the webserver start just fine with the certificate that's about to expire, but not with this one. Also, for another site, I did the same steps about 2 or 3 weeks ago and I didn't had any problems. I purchased another certificate bc I initially thought I mistyped something when creating the key or CSR but I had the same issue.

I already tried to use the password protected key to make the .pem file, and it asks for the passphrase but then fails with the same error.
File encodings were checked, everything is unix, nothing dos neither unicode.
The product I purchased with Geotrust is a "GeoTrust QuickSSL Web server certificate".
The lighttpd version is "lighttpd-1.4.21 (ssl) (Feb 17 2009 11:29:36) - a light and fast webserver".
I'm on Linux Debian Etch.
The URL that has all the root certificates and intermediate certificates is this: http://www.geotrust.com/resources/root-certificates/index.html

Thanks in advance for any reply to this issue I'm having, I'm starting to get kinda desperated on this issue :-(

Carlos