I was upgrading F5 device certificate that was scheduled to expire. After importing the newly signed certificate from the certificate authority, I lost access to the management user interface (UI). I secured shelled into the device and ran a status check on the httpd service

bigstart status httpd

which confirmed that the httpd server was down. When I tried restarting the httpd service with the command

bigstart start httpd

I got this error prompt.

**httpd[30456]: [ssl:emerg] [pid 30456] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
**Starting httpd: [FAILED]

This meant that the certificate I uploaded and the key on file did not match. To quickly get access back to the TMUI, I navigated to the httpd configuration folder.

cd /config/httpd/conf/ssl

Here I ran the list command to see the previous SSL certificates that worked with the crypto key on the device. Since I had all the previous working certs, I decided to use the server.crt.DO.bak to get back access to the GUI despite the fact that the certificate had expired.

-rw-r--r--. 1 root root 1521 Mar 18 16:03 server.crt
-rw-------. 1 root root 1797 Jul 12  2023 server.crt.DO.bak
-rw-------. 1 root root 1521 Mar 23  2022 server.crt.DO.orig

cd ssl.key

I navigated to the ssl.key folder

to confirm that the key dates and time matched the certificates. Then I went back to the certificates folder, made a copy of server.crt.Do.bak and then used it to replace the faulty server.crt

cp server.crt.DO.bak server.crt.DO.bak2023
cp sercrtver.crt.DO.bak server.
cp: overwrite 'server.crt'? y

Then I restarted the httpd and tomcat services

bigstart start httpd
bigstart restart tomcat

When I refreshed my browser I had regained access to the F5 TMUI. I then navigated in the TMUI to device certificate and updated the certificate with the new key and all is working well.

NOTE: I noticed that after successfully installing the new certificate and key, there was a yellow banner on the top of the F5 screen stating "Error getting auth token from login provider."  For some reason this prevented traffic from flowing in the device. To resolve the issue, I had to restart the BIG-IP REST daemons restjavad and restnoded

tmsh restart sys service restjavad restnoded