Certificate not applied after renewal

I have successfully renewed the certificate and the new one is in

ssl_certificate /etc/letsencrypt/live/maet.bg-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maet.bg-0001/privkey.pem;

The old one is in:

ssl_certificate /etc/letsencrypt/live/maet.bg/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/maet.bg/privkey.pem;

When I edit the nginx settings to use the new one I cannot start the server anymore.

$sudo service nginx status

●ginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
Active: failed (Result: exit-code) since Mon 2017-10-30 10:48:09 UTC; 6min ag
Process: 3745 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 -
Process: 3610 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code
Process: 3750 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process
Main PID: 3614 (code=exited, status=0/SUCCESS)

Oct 30 10:48:09 maet systemd[1]: Starting A high performance web server and a re
Oct 30 10:48:09 maet nginx[3750]: nginx: [emerg] invalid number of arguments in
Oct 30 10:48:09 maet nginx[3750]: nginx: configuration file /etc/nginx/nginx.con
Oct 30 10:48:09 maet systemd[1]: nginx.service: Control process exited, code=exi
Oct 30 10:48:09 maet systemd[1]: Failed to start A high performance web server a
Oct 30 10:48:09 maet systemd[1]: nginx.service: Unit entered failed state.
Oct 30 10:48:09 maet systemd[1]: nginx.service: Failed with result ‘exit-code’.

journalctl -xe

The result is failed.
Oct 30 10:48:09 maet systemd[1]: nginx.service: Unit entered failed state.
Oct 30 10:48:09 maet systemd[1]: nginx.service: Failed with result ‘exit-code’.
Oct 30 10:49:03 maet sshd[3697]: pam_unix(sshd:session): session closed for user
Oct 30 10:49:03 maet sshd[3697]: pam_systemd(sshd:session): Failed to release se
Oct 30 10:49:03 maet systemd-logind[1388]: Removed session 46.
– Subject: Session 46 has been terminated
– Defined-By: systemd
– Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
– Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
– A session with the ID 46 has been terminated.
Oct 30 10:50:20 maet sshd[3761]: Connection closed by 37.187.198.192 port 6921 [
Oct 30 10:53:43 maet sshd[3770]: Connection closed by 220.100.102.52 port 6920 [
Oct 30 10:54:35 maet sudo[3774]: root : TTY=pts/0 ; PWD=/root ; USER=root ;
Oct 30 10:54:35 maet sudo[3774]: pam_unix(sudo:session): session opened for user
Oct 30 10:54:35 maet sudo[3774]: pam_unix(sudo:session): session closed for user
Oct 30 10:54:38 maet sudo[3792]: root : TTY=pts/0 ; PWD=/root ; USER=root ;
Oct 30 10:54:38 maet sudo[3792]: pam_unix(sudo:session): session opened for user
Oct 30 10:55:01 maet CRON[3800]: pam_unix(cron:session): session opened for user
Oct 30 10:55:01 maet CRON[3801]: (root) CMD (command -v debian-sa1 > /dev/null &
Oct 30 10:55:01 maet CRON[3800]: pam_unix(cron:session): session closed for user
Oct 30 10:56:23 maet sudo[3792]: pam_unix(sudo:session): session closed for user

What am I doing wrong here?

Hi @Premitium,

Seems you forgot to end your ssl directives with ;

Cheers,
sahsanu

2 Likes

Thanks for the reply this was just a typo when I created the topic. I am guessing that my problem is in the outdated symbolic links.

The error that I get from NGINX is
nginx: [emerg] invalid number of arguments in “ssl_certificate” directive in /etc/nginx/sites-enabled/maet:34

and on line 34 I’v got the new certificate.

ssl_certificate = /etc/letsencrypt/live/maet.bg-0001/fullchain.pem;

Oh my god! I’ve put an equal sign as it were a variable assign.

2 Likes

Sounds like you’ve taken care of your immediate problem. But how did you go about renewing your cert? Ordinarily, it would stay in the same place–the path wouldn’t change.

2 Likes

Yes, the existence of the -0001 is most often a sign that people didn’t do exactly what they expected.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.