Apache SSLCertificateFile error: Does not exist or is empty


#1

Just an FYI,
same exact problem as the closed post,

Everything except the following worked,

apache2ctl -V

AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/my.ddns.net/fullchain.pem’ does not exist or is empty
Action ‘-V’ failed.

I successfully verified fullchain was there by…
sudo openssl x509 -text -noout -in /etc/letsencrypt/live/my.ddns.net/fullchain.pem

Unlike the closed post, only changing the archive permissions to 0755 did not solve the problem…
Only once I also changed the folder live to 0755 was apache2ctl -V working again…


#2

Hi @enrgyxprt,

You should use sudo apache2ctl -V or launch the command as root.

You should NOT change those perms.

Cheers,
sahsanu


#3

Believe I tried (but can't say for certain), and still had the error messages prevent any useful output…
Additionally,

$ apachectl -M
AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/my.ddns.net/fullchain.pem’ does not exist or is empty
Action ‘-M’ failed.
The Apache error log may have more information.

Now works…

Understandable, but looking at the OP referenced, was sort of a confirmed bug and fix,
If I misunderstood that post, please let me know…


#4

If you changed the perms for the live and archive directories and now it works, it is because you were launching apachectl or apache2ctl as an unprivileged user. Using the same command with sudo or as root should have no issues reading those files; otherwise you should be worried, because something is not working properly on your side ;).


#5

Fair enough, do you know what the default permissions were? I will change them back, and run commands using sudo to verify…

TY !


#6

Hi @enrgyxprt,

These are the required perms:

# namei -mo /etc/letsencrypt/live/your.domain.tld/fullchain.pem 
f: /etc/letsencrypt/live/your.domain.tld/fullchain.pem
 drwxr-xr-x root root /
 drwxr-xr-x root root etc
 drwxr-xr-x root root letsencrypt
 drwx------ root root live
 drwxr-xr-x root root your.domain.tld
 lrwxrwxrwx root root fullchain.pem -> ../../archive/your.domain.tld/fullchain17.pem
   drwx------ root root ..
   drwxr-xr-x root root ..
   drwx------ root root archive
   drwxr-xr-x root root your.domain.tld
   -rw-r--r-- root root fullchain17.pem

Above output covers the perms of dirs and files you have modified. Keep in mind that the ones with lrwxrwxrwx are symbolic links.

Cheers,
sahsanu
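
The check below is an added example, not code from the thread or from Certbot: it walks the same components namei lists in post #6, reports the first one a user with only "other" rights cannot pass, and flags live/archive modes that differ from that listing. The temp-dir tree and its empty placeholder file are constructed; group membership and ACLs are assumed not to apply.

```python
import os, stat, tempfile

# Modes from the namei listing in post #6 for the two directories the thread changed.
EXPECTED = {"live": 0o700, "archive": 0o700}

def chain(path, root):
    """Components below root: the literal path, then the symlink target's path."""
    seen = []
    for p in (os.path.abspath(path), os.path.realpath(path)):
        cur = root
        for part in os.path.relpath(p, root).split(os.sep):
            cur = os.path.join(cur, part)
            if cur not in seen:
                seen.append(cur)
    return seen

def first_blocker(path, root):
    """First component a user with only 'other' rights cannot pass, or None.
    Assumption: the user is neither owner nor in the group, and no ACLs apply."""
    for p in chain(path, root):
        mode = os.lstat(p).st_mode
        if stat.S_ISLNK(mode):
            continue  # permissions on the link itself are not checked
        need = stat.S_IXOTH if stat.S_ISDIR(mode) else stat.S_IROTH
        if not mode & need:
            return p
    return None

def drift(root):
    """Directories whose mode no longer matches EXPECTED, as {name: octal mode}."""
    modes = {n: stat.S_IMODE(os.lstat(os.path.join(root, n)).st_mode) for n in EXPECTED}
    return {n: oct(m) for n, m in modes.items() if m != EXPECTED[n]}

def make_tree(live=0o700, archive=0o700):
    """Constructed stand-in for /etc/letsencrypt in a temp dir (placeholder file)."""
    root, dom = os.path.realpath(tempfile.mkdtemp()), "your.domain.tld"
    for top in ("archive", "live"):
        os.makedirs(os.path.join(root, top, dom))
        os.chmod(os.path.join(root, top, dom), 0o755)
    real = os.path.join(root, "archive", dom, "fullchain17.pem")
    open(real, "w").close()
    os.chmod(real, 0o644)
    link = os.path.join(root, "live", dom, "fullchain.pem")
    os.symlink(f"../../archive/{dom}/fullchain17.pem", link)
    os.chmod(os.path.join(root, "live"), live)
    os.chmod(os.path.join(root, "archive"), archive)
    return root, link
```

On a real host, call first_blocker() and drift() as root with `/etc/letsencrypt` as the `root` argument; a non-empty drift() result means the modes differ from the post #6 listing.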


#7

So when I chmod’ed, I wound up hosing more than the folder permissions…

Since I'm a bit of a perfectionist, I needed to fix more than folders…

Got a crash course in getfacl and setfacl… Lucky for me I had a slightly older VDI where I was at least able to transfer everything over…

Verdict… Yup, sudo apache2ctl -V worked (As you already knew…)

Guess I should be a little slower to jump… Or at least back up the dir I plan on wrecking …

Thanks!

