Apache SSLCertificateFile error: Does not exist or is empty

enrgyxprt · August 18, 2018, 5:50pm

just an FYI,
Same exact problem as closed post,

Everything except the following worked,

apache2ctl -V

AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/my.ddns.net/fullchain.pem’ does not exist or is empty
Action ‘-V’ failed.

I successfully verified fullchain was there by…
sudo openssl x509 -text -noout -in /etc/letsencrypt/live/my.ddns.net/fullchain.pem

Unlike the closed post, only changing the archive permissions to 0755 did not solve the problem…
Once I also changed the folder live to 0755 was apache2ctl -V working again…

sahsanu · August 18, 2018, 6:18pm

Hi @enrgyxprt,

You should use sudo apache2ctl -V or launch the command as root.

You should NOT change those perms.

Cheers,
sahsanu

enrgyxprt · August 18, 2018, 6:58pm

Believe I tried (but cant say for certain), and still had the error messages prevent any useful output...
Additionally,

$ apachectl -M
AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/default-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/my.ddns.net/fullchain.pem' does not exist or is empty
Action '-M' failed.
The Apache error log may have more information.

Now works..

Understandable, but looking at the OP referenced, was sort of a confirmed bug and fix,
If I misunderstood that post, please let me know...

sahsanu · August 18, 2018, 7:19pm

If you changed the perms for live and archive directory and now it works, it is because you were launching apachectl or apache2ctl with an unprivileged user, using the same command with sudo or root should have no issues to read those files, otherwise you should be worried because something is not working properly on your side ;).

enrgyxprt · August 20, 2018, 12:41pm

Fair enough, do you know what the default permissions were ? I will change them back, and run commands using sudo to verify…

TY !

sahsanu · August 20, 2018, 3:17pm

Hi @enrgyxprt,

These are the required perms:

# namei -mo /etc/letsencrypt/live/your.domain.tld/fullchain.pem 
f: /etc/letsencrypt/live/your.domain.tld/fullchain.pem
 drwxr-xr-x root root /
 drwxr-xr-x root root etc
 drwxr-xr-x root root letsencrypt
 drwx------ root root live
 drwxr-xr-x root root your.domain.tld
 lrwxrwxrwx root root fullchain.pem -> ../../archive/your.domain.tld/fullchain17.pem
   drwx------ root root ..
   drwxr-xr-x root root ..
   drwx------ root root archive
   drwxr-xr-x root root your.domain.tld
   -rw-r--r-- root root fullchain17.pem

Above output covers the perms of dirs and files you have modified. Keep in mind that the ones with lrwxrwxrwx are symbolic links.

Cheers,
sahsanu

enrgyxprt · August 23, 2018, 11:17pm

SO when I chmod’ed, I wound up hosing more than the folder permissions…

Since im a bit of a perfectionest, I needed to fix more than folders…

Got a crash course in getfacl and setfacl… Lucky for me I has a slightly older vdi where I was at least able to transfer everything over …

Verdict… Yup, sudo apache2ctl -V worked (As you already knew…)

Guess I should be a little slower to jump… Or at least back up the dir I plan on wrecking …

Thanks!

system · September 22, 2018, 11:18pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.