Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: russkiy.fun
I ran this command: sudo certbot --nginx
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/letsencrypt/live/russkiy.fun/fullchain.pem") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError(‘Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] PEM_read_bio_X509_AUX("/etc/letsencrypt/live/russkiy.fun/fullchain.pem") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n’,)
My web server is (include version): nginx/1.12.2
The operating system my web server runs on is (include version): Ubuntu 16.0.4
My hosting provider, if applicable, is: Amen.fr
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): certbot 0.31.0
I wanted to remove a domain name from my existing certificate, because this domain is no longer active on the server. I used the command
sudo certbot delete --cert-name obsolete-name.net but when I ran
sudo certbot certificates, I got the answer:
Found the following certs:
Certificate Name: russkiy.fun
Domains: obsolete-name.net dev.russkiy.fun russkiy.fun www.russkiy.fun
Expiry Date: 2019-05-14 23:45:08+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/russkiy.fun/fullchain.pem
Private Key Path: /etc/letsencrypt/live/russkiy.fun/privkey.pem
I thought: “OK. I’ll delete the russkiy.fun certificate and recreate it without obsolete-name.net”. But when I did that, calls to
nginx -c /etc/nginx/nginx.conf -t failed because
/etc/letsencrypt/live/russkiy.fun/fullchain.pem no longer existed.
“OK,” thought I, “I’ll recreate it, then nginx will be happy and we can continue.” But no: simply having an empty file at
/etc/letsencrypt/live/russkiy.fun/fullchain.pem is not enough.
How can I reset certbot and nginx so that I can recreate my certificate from scratch?