I am using nginx and of course I get warned that fullchain.pem is "no such file" when doing nginx -t.
I just knew the rule for the limit. Now I am done for. But how can I keep my site running HTTPS while waiting a week for the certs?
My site is currently showing https, I didn’t restart nginx since the tragedy.
I do not know about which is the private key, but…
Yes, I have no backup of those certs. I deleted all files in /etc/letsencrypt/live and /etc/letsencrypt/renewal.
If there is no way of restoring the certs, could I just keep my site running HTTPS for a week until the certs are refreshed? Because I am running a production site and I guess an error would come if I restarted nginx.
Did you delete all of /etc/letsencrypt or just /etc/letsencrypt/live and /etc/letsencrypt/renewal? Those two directories are not actually that critical. The private key is in /etc/letsencrypt/keys.
No, I didn’t delete the parent directory (/etc/letsencrypt),
I just deleted all files in those two folders (/etc/letsencrypt/live and /etc/letsencrypt/renewal).
Any ideas? Could you save my life?
It’s a somewhat advanced thing to experiment with, but it should be possible to get the private key out of the web server’s memory. Additionally, it is possible although unlikely that the web server keeps the private key file open, in which case the OS has not actually deleted it yet and a usable link to it can be found somewhere in /proc.
If you find the web server’s PID(s) with ps, you can cd into /proc/<webserverpid> and then try sudo ls -l fd which will show whether you have your privkey file still open; if you’re lucky you might possibly see something like
l-wx------ 1 you you 64 Jan 14 12:00 17 -> /etc/letsencrypt/archive/example.com/privkey2.pem (deleted)
which is good news because then that is your private key, which could then be copied out of fd/17.
For the memory-searching example, you can use the gdb attach method in
The private key should be somewhere in the resulting core file (maybe in PEM format, which is the comparatively easy case; maybe not, which is the comparatively trickier case).
I would not recommend using the kill method because if it doesn’t work, you’ve lost your working web server!
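The /proc/<webserverpid>/fd check described in the post above, as an added example that is not part of the original thread: it lists descriptors whose link target ends in " (deleted)" and copies one out to a private file. The function names, the PROC_ROOT override (there only so the logic can be exercised on a constructed directory tree) and the use of pgrep are assumptions of this example.

```shell
#!/bin/sh
# Added example: find deleted-but-still-open files held by a process
# (for instance the web server) and copy their contents out.
# PROC_ROOT is a hypothetical override for testing; on a real host it is /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print "<fd> <original path>" for every descriptor of PID whose link target
# carries the kernel's " (deleted)" suffix. An optional second argument keeps
# only paths containing that substring (e.g. "privkey").
list_deleted_fds() {
    pid="$1"; pattern="${2:-}"
    for link in "$PROC_ROOT/$pid/fd"/*; do
        [ -L "$link" ] || continue              # also skips an unmatched glob
        target=$(readlink "$link") || continue  # unreadable without root
        case "$target" in
            *" (deleted)") ;;
            *) continue ;;
        esac
        path="${target% (deleted)}"
        case "$path" in
            *"$pattern"*) printf '%s %s\n' "${link##*/}" "$path" ;;
        esac
    done
}

# Copy the data behind descriptor FD of PID to DEST. The umask makes a newly
# created DEST mode 0600, so the recovered key is not world-readable.
recover_fd() {
    pid="$1"; fd="$2"; dest="$3"
    ( umask 077 && cat "$PROC_ROOT/$pid/fd/$fd" > "$dest" )
}

# Typical use as root on the affected host, without restarting the server:
#   for p in $(pgrep nginx); do list_deleted_fds "$p" privkey; done
#   recover_fd <pid> <fd> /root/privkey-recovered.pem
```

An empty result means no process still holds the file open, which is the likely case the post mentions; the descriptor route only works while the web server keeps running.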