CentOS 8 can't use generated cert: '/etc/letsencrypt/live/example.com/fullchain.pem' does not exist or is empty

I generated an SSL certificate for yarnedanddangerousco.com and www.yarnedanddangerousco.com successfully.
I used https://www.ssllabs.com/ssltest/analyze.html?d=yarnedanddangerousco.com to validate and got a trust error for domain yarned, which is not in the cert I generated. That was the initial host name I built the system with because it was shorter. However, I have since reverted to the full hostname for production. A self-signed cert was generated by Apache, I assume during installation. I have done this before without issue and have used certbot to generate and use certs. I realized what the problem was and found a post that said to use http -S, and that is when I got the following error:

AH00526: Syntax error on line 10 of /etc/httpd/sites-available/yarnedanddangerousco.com-le-ssl.conf:

SSLCertificateFile: file '/etc/letsencrypt/live/yarnedanddangerousco.com/fullchain.pem' does not exist or is empty

That link points to /etc/letsencrypt/archive/yarnedanddangerousco.com/fullchain2.pem
owned by root 644

I looked at the pem using openssl x509 -text -noout -in

it is there and the domains are correct.

At this point I assume Apache thinks the pem is not good, so it is using the one it generated, which is not trusted, so my browser will not view the site. Apache does not say the file is corrupt; it thinks it is empty or missing. Given it exists, I think it believes it is empty, yet openssl has no problem with it.

This is the first problem I’ve had with certbot, so I don’t really know where to go from here. How do I recover? By the way, the https://www.ssllabs.com/ssltest/analyze.html?d=www.yarnedanddangerousco.com test gets a green A and contains the correct domains?

My domain is:
yarnedanddangerousco.com

I ran this command:
https -S

It produced this output:
AH00526: Syntax error on line 10 of /etc/httpd/sites-available/yarnedanddangerousco.com-le-ssl.conf:

SSLCertificateFile: file '/etc/letsencrypt/live/yarnedanddangerousco.com/fullchain.pem' does not exist or is empty

My web server is (include version):

The operating system my web server runs on is (include version):
Centos 8 Server version: Apache/2.4.37 (centos)
Server built: Jun 8 2020 20:14:33

My hosting provider, if applicable, is:
Digitalocean

I can login to a root shell on my machine (yes or no, or I don’t know):
ssh use sudo

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 1.5.0

I noticed I did not run https -S with sudo so I reran and got the following:

VirtualHost configuration:
*:80 yarnedanddangerousco.com (/etc/httpd/sites-enabled/yarnedanddangerousco.com.conf:1)
*:443 is a NameVirtualHost
default server yarnedanddangerousco.com (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost yarnedanddangerousco.com (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost yarnedanddangerousco.com (/etc/httpd/sites-available/yarnedanddangerousco.com-le-ssl.conf:2)
alias www.yarnedanddangerousco.com
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

Hi @whitemw

there

is your answer.

Two vHosts with the same port and the same domain name is always bad. Merge these into one, restart your Apache.

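The duplicate that the answer above points at can be picked out of `httpd -S` output mechanically. This is an added example, not part of the original thread: the function names `sample_vhost_dump` and `find_duplicate_vhosts` are made up here, and the sample input is constructed from the listing posted above.

```shell
#!/bin/sh
# Added example: report any ServerName that `httpd -S` lists more than
# once on the same port, with the config file and line of each definition.

# Constructed sample input, trimmed from the listing posted in the thread.
sample_vhost_dump() {
    cat <<'EOF'
VirtualHost configuration:
*:80 yarnedanddangerousco.com (/etc/httpd/sites-enabled/yarnedanddangerousco.com.conf:1)
*:443 is a NameVirtualHost
default server yarnedanddangerousco.com (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost yarnedanddangerousco.com (/etc/httpd/conf.d/ssl.conf:40)
port 443 namevhost yarnedanddangerousco.com (/etc/httpd/sites-available/yarnedanddangerousco.com-le-ssl.conf:2)
alias www.yarnedanddangerousco.com
EOF
}

# Hypothetical helper: reads `httpd -S` output on stdin and returns 1
# if any port/ServerName pair is defined more than once.
find_duplicate_vhosts() {
    awk '
    $1 == "port" && $3 == "namevhost" {
        key = $2 " " $4                 # "<port> <ServerName>"
        loc = $5
        gsub(/[()]/, "", loc)           # "(file:line)" -> "file:line"
        if (!(key in count)) order[++n] = key
        count[key]++
        where[key] = where[key] "\n  " loc
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (count[k] > 1) {
                printf "DUPLICATE port %s%s\n", k, where[k]
                dup = 1
            }
        }
        exit dup + 0
    }'
}

# Demo on the constructed sample. On a live host, run as root so the full
# configuration is readable: sudo httpd -S 2>&1 | find_duplicate_vhosts
sample_vhost_dump | find_duplicate_vhosts || true
```

Each reported location is a `<VirtualHost>` block to compare; the two blocks for the same name and port are what the answer says to merge into one.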

Need help with execution here. I’m pretty new to managing ssl, don’t understand what and how to merge since we are talking about two different files.

line 40 in ssl.conf is:
line 2 in yarnedanddangerousco.com-le-ssl.conf is: <VirtualHost *:443>

Shoot let me try that again.

line 40 in ssl.conf is:
line 2 in yarnedanddangerousco.com-le-ssl.conf is: <VirtualHost *:443>

ok I’ll type it out ssl.conf

So with all this typing should default become and *

Saw something somewhere about Apache and default. I’ll try that while I wait for your reply. Thanks in advance.

Looks like an issue with characters in this editor; let me try “default”. Anyway, there are underscores on either side of the default text. But I took a look at a system I have that works just fine.

Changed the default on the ssl.conf VirtualHost line to * but no help.
