Error SSL Not found fullchain.pem

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: apiqas.sap.sladm.com.br

I ran this command: certbot -d apiqas.sap.sladm.com.br certonly

It produced this output:Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/apiqas.sap.sladm.com.br/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/apiqas.sap.sladm.com.br/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

My web server is (include version): NGINX

The operating system my web server runs on is (include version): Centos

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.11.0

What's the output of certbot certificates?

2 Likes

this domain is not shown

Where did that certificate go then? Clearly nginx is configured to use it.

Did you by any chance delete the certificate without making sure there were no references left to that cert in the services that once were using that cert? Or did you migrate that nginx configuration from another server?

1 Like

The person accidentally deleted it and they didn't have a backup of the folder

Is it possible to generate the certificates for this domain again?

Yes.

First, ensure HTTP is not being redirected to HTTPS for this domain:

curl -Ii apiqas.sap.sladm.com.br
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.1
Date: Fri, 06 Sep 2024 14:46:59 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://apiqas.sap.sladm.com.br/

Second, disable the HTTPS domain OR use any alternate certificate [in order to get nginx working - if it fails to start].

Third, use certonly with --webroot [do that so certbot doesn't try to alter your nginx config]:
certbot certonly --webroot -w /directory/path -d apiqas.sap.sladm.com.br

See: User Guide — Certbot 2.12.0.dev0 documentation (eff-certbot.readthedocs.io)

3 Likes

with this command it generates a new certificate chain?

It should generate a new certificate and all the files that go with that.
[including: fullchain.pem]

Once completed, you can show:
certbot certificates
[for complete certificate information]

3 Likes

Thanks for the help

3 Likes

I ran the command but it presented the following error: Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems: Domain: apiqas.sap.sladm.com.br Type: unauthorized Detail: 200.185.63.250: Invalid response from https://apiqas.sap.sladm.com.br/.well-known/acme -challenge/ImJUDvlZMKuyfA0N7U1jAYEcBUvn-42YPr9zWqVVQOY: 404 Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

What was the exact command you ran?
And also, please show the output of:
nginx -T

1 Like

this one certbot Certonly --webroot -w /directory/path -d apiqas.sap.sladm.com.br

You need to replace that with the actual path.

Did you ...

And what about?:

2 Likes

I replaced it with the current path in the command but it still gave me the error above.

The Certbot -w folder should be the same as the root folder in the nginx server block for this domain. But, please always show the actual command you used. It helps to make clear what was tried.

Have you fixed your broken nginx config? If you have not the nginx -T command (upper case T) probably won't work. Would you show us the output of these two commands (using lower case t):

nginx -t
grep -REi 'server_name|fullchain.pem' /etc/nginx
2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.