I wanted to renew an SSL certificate with openssl signed by our internal CA but got the TXT_DB error number 2.
$ openssl ca ... failed to update database TXT_DB error number 2 You may see this when trying to generate a new SSL certificate, but the same DN (the common name, etc.) was used before (and recorded in index.txt). Many people should see this error, because we frequently rotate SSL certificates with new ones for additional security ;) You may then discover the fix is to set 'unique_subject = no' in openssl.cnf, but find that it still doesn't work. This is because when initialising the CA, the setting was duplicated into index.txt.attr to confuse you.
Thanks for it 🙂