Can't install new certificate

Hi!

I’ve decided to revoke the certificate and install a new one. I ran “letsencrypt revoke”, which removed fullchain.pem and privkey.pem from the /etc/letsencrypt/live/ directory. Now I’m unable to run “nginx -t”; it produces the output below:

nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/letsencrypt/live//privkey.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live//privkey.pem','r') error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed

Can anybody help? I’m new to this; I must have made a mistake in my attempt to revoke the certificate.

1 Like

Hi @AlexeiT

Then you shouldn't revoke a certificate. That's only required if your private key is stolen.

Disable that vHost. Or install a self-signed certificate.

Or use your backup to fix your configuration.

You don't have a backup? Next problem.

1 Like

What was the reason for revocation?

What do you mean by disabling the host?

Please read the basics about your nginx configuration. Everything you need to know is there.

1 Like

Well, I’ve read them. However, I don’t understand what I’m supposed to do now.

1 Like

Read your nginx logs. It should indicate where in your configuration file(s) the error is located. It has something to do with a file privkey.pem, probably left over from the Let's Encrypt certificate. You can also use the application grep to search for this file in the nginx configuration file(s).

1 Like

Normally you do not revoke a certificate. You need to do it in an exceptional case (for example, someone stole the key of the certificate). The normal action is to get a new certificate (an action called renew). You are allowed to have more than one valid certificate. If the previous one is still valid, it is just going to expire.

1 Like

the error log says just the same:

[emerg] 30013#30013: SSL_CTX_use_PrivateKey_file("/etc/letsencrypt/live//privkey.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live//privkey.pem','r') error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)

1 Like

Well, in any case, it looks like someone manually modified the nginx configuration file(s), because certbot doesn’t put privkey.pem files directly in the /live/ subdirectory. It always puts the files (symbolic links to the files, to be exact) in the /live/name-of-the-certificate/ subdirectory.

Find the location of the reference to /etc/letsencrypt/live//privkey.pem, see what part of the nginx configuration it’s located in, and disable or modify that part. If it’s a combined HTTP/HTTPS section, you might need to modify it so it keeps HTTP enabled, but HTTPS disabled.

1 Like
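
The check suggested in the replies above (search the nginx configuration for certificate and key paths, then see which of them no longer exist), as an added example that is not part of the thread. The function names `find_missing_tls_files` and `make_sample` and the `example.test` tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report nginx TLS directives that point at files which no longer exist.

# Print "config-file:line: missing <path>" for each ssl_certificate,
# ssl_certificate_key or ssl_trusted_certificate whose target is absent.
find_missing_tls_files() {
    conf_dir=$1
    # -R follows symlinks (sites-enabled entries are often links), -n adds line
    # numbers, -H forces the file name. Commented-out directives do not match.
    grep -RnHE '^[[:space:]]*ssl_(certificate|certificate_key|trusted_certificate)[[:space:]]' \
        "$conf_dir" 2>/dev/null |
    while IFS= read -r hit; do
        file=${hit%%:*}          # text before the first colon
        rest=${hit#*:}
        line=${rest%%:*}         # line number
        directive=${rest#*:}     # the directive as written in the config
        path=$(printf '%s\n' "$directive" | awk '{print $2}' | tr -d "\";'")
        # Assumption: only absolute, variable-free paths are checked.
        case $path in
            *'$'*) continue ;;
            /*) ;;
            *) continue ;;
        esac
        # -e follows symlinks, so a dangling link under live/ counts as missing.
        [ -e "$path" ] || printf '%s:%s: missing %s\n' "$file" "$line" "$path"
    done
}

# Constructed sample tree: the certificate exists, the private key does not.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/nginx/sites-enabled" "$d/live/example.test"
    : > "$d/live/example.test/fullchain.pem"
    cat > "$d/nginx/sites-enabled/example.conf" <<EOF
server {
    listen 443 ssl;
    server_name example.test;
    ssl_certificate     $d/live/example.test/fullchain.pem;
    ssl_certificate_key $d/live/example.test/privkey.pem;
    # ssl_certificate_key /old/commented/out.pem;
}
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample)
find_missing_tls_files "$sample/nginx"   # on a real host: pass the nginx config directory
rm -rf "$sample"
```

Run it as root on a real host: /etc/letsencrypt/live is normally readable only by root, so an unprivileged run would report every certbot path as missing.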

Now I get it :slight_smile: but it doesn't help me to resolve the problem.

1 Like

Try typing letsencrypt renew in the same way as you typed letsencrypt revoke before.

1 Like

Yes, thank you, this helped :slight_smile:

1 Like

It results in “No renewals were attempted” :frowning:
