Apache error "cert.pem does not exist or is empty"

I ran this command: sudo service apache2 restart
It produced this output (after running apachectl configtest):

[so:warn] [pid 2674:tid 1996386304] AH01574: module ssl_module is already loaded, skipping
AH00526: Syntax error on line 17 of /etc/apache2/sites-enabled/example.com.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/example.com/cert.pem' does not exist or is empty
Action 'configtest' failed.

The file exists and is not empty, and the symlink seems correct.
My web server is: Apache 2.4.10 (Raspbian)
The operating system my web server runs on is: Raspbian (I am using the version from April 2017 I think)
I can login to a root shell on my machine: yes
I'm using a control panel to manage my site: I use a control panel to manage the domain name's records, the rest is managed on my server.

Other info: I also changed the directory names from example.com-0001 to example.com in live and archive folders in letsencrypt, but that didn't fix the problem (the symlinks are correct too).

My Apache config file (I'm not actually using example.com of course):

<VirtualHost *:80>
     ServerName example.com
     ServerAlias www.example.com *.example.com
     DocumentRoot "/var/www/websites/example"
     Redirect / https://example.com
</VirtualHost>
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
     ServerName example.com
     ServerAlias www.example.com *.example.com
     DocumentRoot "/var/www/websites/example"
     SSLEngine on
     SSLCertificateFile "/etc/letsencrypt/live/example.com/cert.pem"
     SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
     SSLCertificateChainFile "/etc/letsencrypt/live/example.com/chain.pem"
</VirtualHost>

I also have another domain name which uses another config file but it looks the same as shown above but with the other domain name. That one works, but I don't know why this one doesn't.

I also used sudo /path/to/certbot-auto --apache certonly to generate the SSL certificate.

Hi @XxMoNsTeR,

So if you cat that exact file path, you see PEM data?

Is there any chance that there’s a file permission problem?

Yes, when I cat cert.pem I see:

---BEGIN CERTIFICATE---
CERTIFICATE HERE
---END CERTIFICATE---

And the permissions of the pem files are the same for both domain names.
I have also tried changing the 'archive' folder permission to 755, that didn't work either.

I have 2 different certificates (one for each domain name).


Check if file locking is an issue:

http://www.linuxask.com/questions/how-to-check-if-a-file-is-locked-in-linux

I would also restart the whole system if possible and see if that fixes the problem.

When you are running CAT are you running CAT on the symlink file or the actual file in the archive folder?

Andrei

The files appear to not be locked and when I’m running the cat command, I’m running cat on both the symlink and the actual file and I get the same output which is a good thing.

EDIT: Maybe there is some kind of lock. The site worked when I took the other site’s config down. So maybe there is a file locking issue? But why can’t I see it locked with the lsof command?

UPDATE: I found the problem, the Listen 443 in the config doesn’t work when there are 2 configs requesting it I think.

SOLUTION: Fixed it by using one config for both domain names and including one Listen 443 in there, or including a Listen 443 in a default Apache config (000-default.conf or httpd.conf).

Hi @XxMoNsTeR,

Yes, you will need to create a virtualhost (be more specific than * 443) for each of your two sites.

You will then be able to map a certificate to each domain.

Andrei
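A check for the layout described in the SOLUTION post, added here as an example and not part of the original thread: it lists every port named by more than one Listen directive across a set of Apache config files. The function names, the sample files and the example.org site are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ports named by more than one Listen directive.

# dup_listen FILE...
# Prints "PORT<TAB>file:line file:line" per duplicated port.
# Exit status 0 if duplicates were found, 1 if none (grep-style).
dup_listen() {
    awk '
        # awk strips leading blanks, so $1 is the directive name;
        # Apache directive names are case-insensitive.
        tolower($1) == "listen" && NF >= 2 {
            port = $2
            sub(/^.*:/, "", port)   # "[::]:443" or "0.0.0.0:443" -> "443"
            count[port]++
            where[port] = where[port] " " FILENAME ":" FNR
        }
        END {
            found = 0
            for (p in count) if (count[p] > 1) {
                printf "%s\t%s\n", p, substr(where[p], 2)
                found = 1
            }
            exit(found ? 0 : 1)
        }
    ' "$@"
}

# Constructed sample trees (example.org is a made-up second site):
# before/ = each site file has its own Listen 443, as in the thread;
# after/  = one shared file holds the Listen lines.
make_samples() {
    d=$(mktemp -d)
    mkdir "$d/before" "$d/after"
    for site in example.com example.org; do
        vhost="<VirtualHost *:443>\n  ServerName $site\n</VirtualHost>\n"
        printf "Listen 443\n$vhost" > "$d/before/$site.conf"
        printf "$vhost" > "$d/after/$site.conf"
    done
    printf 'Listen 80\nListen 443\n' > "$d/after/ports.conf"
    echo "$d"
}

d=$(make_samples)
echo "before:"; dup_listen "$d"/before/*.conf || echo "  no duplicate Listen"
echo "after:";  dup_listen "$d"/after/*.conf  || echo "  no duplicate Listen"
rm -rf "$d"
```

On a Debian-style install it would be pointed at /etc/apache2/ports.conf together with /etc/apache2/sites-enabled/*.conf. Listen lines that bind the same port on different addresses are reported together and need a manual look.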
