My domain is: e-hoang.com
I ran this command:
nginx -t
It produced this output:
cannot load certificate "/etc/ssl/private/": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)
My web server is (include version):
nginx version: nginx/1.24.0
The operating system my web server runs on is (include version):
Amazon Linux EC2
ami-08a52ddb321b32a8c
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
The version of my client is:
acme-nginx 0.3.3
I originally ran this command:
sudo acme-nginx -d e-hoang.com -d www.e-hoang.com
Which outputted this:
2023-08-29 21:42:49,533 - INFO - trying to create account key /etc/ssl/private/letsencrypt-account.key
2023-08-29 21:42:49,705 - INFO - trying to register acmev2 account
2023-08-29 21:42:50,343 - INFO - already registered
2023-08-29 21:42:50,344 - INFO - trying to create domain key
2023-08-29 21:42:50,344 - INFO - acmev2 http challenge
2023-08-29 21:42:50,344 - INFO - preparing new order
2023-08-29 21:42:50,777 - INFO - order created
2023-08-29 21:42:51,146 - INFO - verifying domain www.e-hoang.com
2023-08-29 21:42:51,199 - INFO - adding nginx virtual host and completing challenge
2023-08-29 21:42:51,199 - INFO - created challenge file into /tmp/tmp4gdjk8h_
2023-08-29 21:42:51,199 - INFO - writing virtual host into /etc/nginx/sites-enabled/0-letsencrypt.conf
2023-08-29 21:42:51,200 - INFO - running nginx -s reload
2023-08-29 21:42:51,227 - ERROR - failed to reload nginx
2023-08-29 21:42:51,228 - ERROR - b'nginx: [emerg] cannot load certificate "/etc/ssl/private/": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)\n'
2023-08-29 21:42:51,228 - INFO - writing challenge file into /etc/nginx/sites-enabled/0-letsencrypt.conf
2023-08-29 21:42:51,228 - INFO - asking acme server to verify challenge
2023-08-29 21:42:51,681 - INFO - waiting for www.e-hoang.com challenge verification
2023-08-29 21:42:52,085 - ERROR - www.e-hoang.com challenge did not pass: {'identifier': {'type': 'dns', 'value': 'www.e-hoang.com'}, 'status': 'invalid', 'expires': '2023-09-05T21:28:44Z', 'challenges': [{'type': 'http-01', 'status': 'invalid', 'error': {'type': 'urn:ietf:params:acme:error:connection', 'detail': '35.172.110.80: Fetching http://www.e-hoang.com/.well-known/acme-challenge/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0: Connection refused', 'status': 400}, 'url': 'https://acme-v02.api.letsencrypt.org/acme/chall-v3/259557528006/yJM8oQ', 'token': '4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0', 'validationRecord': [{'url': 'http://www.e-hoang.com/.well-known/acme-challenge/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0', 'hostname': 'www.e-hoang.com', 'port': '80', 'addressesResolved': ['35.172.110.80'], 'addressUsed': '35.172.110.80'}], 'validated': '2023-08-29T21:42:51Z'}]}
2023-08-29 21:42:52,085 - INFO - removing /tmp/tmp4gdjk8h_/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0
2023-08-29 21:42:52,085 - INFO - removing /etc/nginx/sites-enabled/0-letsencrypt.conf
2023-08-29 21:42:52,086 - INFO - removing /tmp/tmp4gdjk8h_
2023-08-29 21:42:52,086 - INFO - running nginx -s reload
2023-08-29 21:42:52,112 - ERROR - failed to reload nginx
2023-08-29 21:42:52,112 - ERROR - b'nginx: [emerg] cannot load certificate "/etc/ssl/private/": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)\n'
I'm concerned about the two errors.
First is cannot load certificate.
Here is what I have in that directory:
letsencrypt-account.key
letsencrypt-domain.key
Why did acme-nginx not create a PEM file?
Here is a copy of my nginx.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    types_hash_max_size 4096;
    include /etc/nginx/mime.types;
    include /etc/enginx/conf.d/*conf;
    include /etc/nginx/sites-enabled/*;
    default_type application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        listen 443 ssl;
        server_name www.e-hoang.com;
        ssl_certificate /etc/ssl/private/;
        ssl_certificate_key /etc/ssl/private/letsencrypt-domain.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        root /usr/share/nginx/html;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
        location = /404.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
Then the second issue is why is there a 400 status?
{
  "type": "http-01",
  "status": "invalid",
  "error": {
    "type": "urn:ietf:params:acme:error:connection",
    "detail": "35.172.110.80: Fetching http://www.e-hoang.com/.well-known/acme-challenge/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0: Connection refused",
    "status": 400
  },
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/259557528006/yJM8oQ",
  "token": "4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0",
  "validationRecord": [
    {
      "url": "http://www.e-hoang.com/.well-known/acme-challenge/4-B8B_IJYI_evOq_ZcN7-izBhZTh_oG_-f_ZJlBX9t0",
      "hostname": "www.e-hoang.com",
      "port": "80",
      "addressesResolved": [
        "35.172.110.80"
      ],
      "addressUsed": "35.172.110.80"
    }
  ],
  "validated": "2023-08-29T21:42:51Z"
}
Here are my security group settings for this EC2 instance:
ALLOW HTTP from all IPv4
ALLOW HTTPS from all IPv4
ALLOW SSH from all IPv4
Please let me know if there is any more information I can provide. I have been pulling my hair out for a couple of hours trying to resolve this now.
Thank you so much in advance!
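
Added example, not part of the original post and not acme-nginx's own code: a Python check for the condition in the nginx error above, where an ssl_certificate directive names something that is not a PEM certificate file (in the posted config it is the directory /etc/ssl/private/). The function names, the fullchain.pem file name and the temporary files are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile

# PEM labels OpenSSL accepts at the start of a certificate file.
CERT_MARKERS = ("-----BEGIN CERTIFICATE-----", "-----BEGIN TRUSTED CERTIFICATE-----")
# Matches ssl_certificate but not ssl_certificate_key (whitespace must follow).
DIRECTIVE = re.compile(r"^\s*ssl_certificate\s+([^;]+);", re.MULTILINE)


def check_ssl_certificates(conf_text):
    """Return (path, problem) pairs for every ssl_certificate directive that
    nginx would fail to load; an empty list means all of them look loadable."""
    problems = []
    for path in DIRECTIVE.findall(conf_text):
        path = path.strip().strip("\"'")
        if os.path.isdir(path):
            problems.append((path, "is a directory, not a certificate file"))
        elif not os.path.isfile(path):
            problems.append((path, "does not exist"))
        else:
            with open(path, "r", errors="replace") as fh:
                if not any(m in fh.read() for m in CERT_MARKERS):
                    problems.append((path, "has no PEM certificate start line"))
    return problems


def demo():
    """Constructed sample: a temp directory standing in for /etc/ssl/private."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "letsencrypt-domain.key")
        crt = os.path.join(d, "fullchain.pem")  # hypothetical file name
        with open(key, "w") as fh:
            fh.write("-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n")
        with open(crt, "w") as fh:
            fh.write("-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n")
        conf = (
            f"server {{\n  ssl_certificate {d}/;\n  ssl_certificate_key {key};\n}}\n"
            f"server {{\n  ssl_certificate {key};\n}}\n"
            f"server {{\n  ssl_certificate {crt};\n}}\n"
        )
        return [(os.path.relpath(p, d), why) for p, why in check_ssl_certificates(conf)]


if __name__ == "__main__":
    for path, why in demo():
        print(path, "->", why)
```

Against a real server, pass the contents of the file that holds the server block to check_ssl_certificates and run it as a user that can read the certificate paths.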