I’ve decided to revoke the certificate and install a new one. I ran “letsencrypt revoke”, which removed fullchain.pem and privkey.pem from the /etc/letsencrypt/live/ directory. Now I’m unable to run “nginx -t”; it produces the output below:
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/letsencrypt/live//privkey.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live//privkey.pem','r') error:20074002:BIO routines:FILE_CTRL:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
Can anybody help? I’m new to this; I must have made a mistake in attempting to revoke the certificate.
Read your nginx logs. It should indicate where in your configuration file(s) the error is located. It has something to do with a file privkey.pem, probably left over from the Let's Encrypt certificate. You can also use the application grep to search for this file in the nginx configuration file(s).
Normally you do not revoke a certificate. You need to do it in exceptional cases (for example, someone stole the key of the certificate). The normal action is to get a new certificate (an action called renew). You are allowed to have more than one valid certificate. If the previous one is still valid, it is just going to expire.
Well, in any case, it looks like someone manually modified the nginx configuration file(s), because certbot doesn’t put privkey.pem files directly in the /live/ subdirectory. It always puts the files (symbolic links to the files, to be exact) in the /live/name-of-the-certificate/ subdirectory.
Find the location of the reference to /etc/letsencrypt/live//privkey.pem, see what part of the nginx configuration it’s located in, and disable or modify that part. If it’s a combined HTTP/HTTPS section, you might need to modify it so it keeps HTTP enabled, but HTTPS disabled.
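The grep search suggested in the replies above, as an added example that is not part of any post in this thread: a shell function that lists every ssl_certificate / ssl_certificate_key directive whose target file no longer exists. The function name `find_missing_certs` and the default directory /etc/nginx are assumptions, and paths in the configuration are assumed to be absolute.

```shell
#!/bin/sh
# find_missing_certs [DIR]
# Scan the nginx configuration under DIR (default: /etc/nginx, an assumption)
# and print one line per certificate or key directive whose file is missing:
#   <config file>:<line number>:<missing path>
find_missing_certs() {
    conf_dir=${1:-/etc/nginx}

    # -r recurse, -n line numbers, -H always print the file name.
    # Only whitespace may precede the directive, so commented-out
    # lines ("# ssl_certificate ...") are ignored.
    grep -rnHE '^[[:space:]]*ssl_certificate(_key)?[[:space:]]' "$conf_dir" 2>/dev/null |
    while IFS=: read -r file lineno directive; do
        # The second word of the directive is the path; strip the
        # trailing ';' and any surrounding quotes.
        path=$(printf '%s\n' "$directive" | awk '{print $2}' | tr -d "\";'")

        # -e follows symbolic links, so a dangling link under
        # /etc/letsencrypt/live/<name>/ is reported as missing too.
        [ -e "$path" ] || printf '%s:%s:%s\n' "$file" "$lineno" "$path"
    done
}

# Usage (as root, so the key files are readable):
#   find_missing_certs /etc/nginx
```

Each line of output names the configuration file and line to edit or comment out before `nginx -t` will pass again.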