Can't get certificate (Debian)


#1

I’ve tried different ways to generate certificate and key but always get these directories and files

ls -lA /etc/letsencrypt/
total 16K
drwx------ 3 root root 4.0K Dec 25 19:13 accounts
drwxr-xr-x 2 root root 4.0K Dec 25 19:13 csr
drwx------ 2 root root 4.0K Dec 25 19:13 keys
drwxr-xr-x 2 root root 4.0K Dec 25 19:13 renewal

ls -lA /etc/letsencrypt/csr/
total 4.0K
-rw-r–r-- 1 root root 944 Dec 25 19:13 0000_csr-letsencrypt.pem

ls -lA /etc/letsencrypt/keys/
total 4.0K
-rw------- 1 root root 1.7K Dec 25 19:13 0000_key-letsencrypt.pem

I guess that there’s not right certificate and key.
I’ve tried to use it with nginx but got error:

Reloading nginx configuration: nginx: [emerg] SSL_CTX_use_certificate_chain_file("/usr/local/ssl/0000_csr-letsencrypt.pem") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)
nginx: configuration file /etc/nginx/nginx.conf test failed

File /usr/local/ssl/0000_csr-letsencrypt.pem exists and have strings like "-----BEGIN CERTIFICATE REQUEST-----"
What is wrong?


#2

What version of debian are you using ? and are you using nginx ? (I’m assuming so, rather than apache, as you refer to nginx).

Looking at the folders you have, there is no “live” or “archive” folder, so you haven’t got any certificates yet. Are you trying to use the manual method ? standalone ? or auto ?


#3

I’m using Debian 7 (wheezy).
Yes, I’m using nginx as you mentioned)
I’v tried manual

./letsencrypt-auto --agree-dev-preview --server \https://acme-v01.api.letsencrypt.org/directory -a manual auth

and standalone

/etc/init.d/nginx stop
./letsencrypt-auto certonly --standalone --email myemail@gmail.com -d replyme.ru

Both times I haven’t got any errors and got message that I should make secure backup of “/etc/letsencrypt”


#4

It’s probably worth taking a backup of the /etc/letsencrypt folder anyway.

doing

./letsencrypt-auto -a manual auth

I get

Updating letsencrypt and virtual environment dependencies…
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt -a manual auth

followed by a request for the domain names.

do you get that ? or do you get something different ?


#5

I ran as a root:

root@replyme /usr/local/letsencrypt # ./letsencrypt-auto -a manual auth
Updating letsencrypt and virtual environment dependencies…
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt -a manual auth

I’m not sure is it that error above but then I ran this:

/root/.local/share/letsencrypt/bin/letsencrypt -a manual auth

And it works! I’ve got all the .pem files. Thank you so much Andy!