Certbot failing with sudo certbot renew --dry-run

jerry_dev1 · August 25, 2019, 2:33pm

I deleted the certificates: sudo certbot delete
Yes. I tried restarrting the nginx server several times & got the same error before and after deleting the certificates.
no “ssl_certificate_key” is defined for certificate “/etc/letsencrypt/live/apna5.com/fullchain.pem”

What does “ sudo nginx -T ” show now? : Shows the same error
nginx: [emerg] no “ssl_certificate_key” is defined for certificate “/etc/letsencrypt/live/apna5.com/fullchain.pem”
nginx: configuration file /etc/nginx/nginx.conf test failed

/etc/nginx/nginx.conf is Nginx’s central configuration file, right?: Yes.

mnordhoff · August 25, 2019, 2:50pm

Which certificates? Any certificate(s) Nginx is currently configured to use?

What does "sudo certbot certificates" show now?

You need to fix that error.

Does the nginx output or Nginx's error.log say where it is?

How many places does the configuration reference /etc/letsencrypt/live/apna5.com/fullchain.pem?

Maybe the problem is that there are two ssl_certificate directives and only one ssl_certificate_key directive?

fullchain.pem is the file that should be used, so try commenting out or deleting the first ssl_certificate line.

This server block won't work right with ssl enabled but no certificate or key.

(Nginx may or may not start. It depends on the version. I don't remember when it was changed.)

jerry_dev1 · August 25, 2019, 8:37pm

I got the ssl certificate install somehow…

I deleted the apna5.com certificate & reinstalled it not using the webroot option…

sudo certbot certonly -d www.apna5.com -d apna5.com
& used option 1
1: Spin up a temporary webserver (standalone)

Changed the new location of the fullchain.pem & privkey.pem in the loadbalancer.conf & commented the cert.pem in there as well

Restarted the nginx & it was working…
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

I was able to also add the autorenew… sudo certbot renew --dry-run without issues

Very weird on why this whole thing happened…

Thank you very much @mnordhoff & @JuergenAuer. Really appreciate it!

JD

system · September 24, 2019, 8:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.