Error updating SSL certificate after server IP address change

6 days ago my domain’s IP address changed (I forgot to renew the additional one). I didn’t see any errors, and the site was working perfectly.
Then I noticed that other servers with scripts can’t access my server due to an SSL validation error; in fact, my own server can’t access itself. PHP reports:

Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /var/www/domain.io/public_html/test.php on line 3

Warning: file_get_contents(): Failed to enable crypto in /var/www/domain.io/public_html/test.php on line 3

Warning: file_get_contents(https://domain.io/blank.html): failed to open stream: operation failed in /var/www/domain.io/public_html/test.php on line 3

I tried to update the certificate via certbot, but it went to an SSL error:
To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

Then I tried to delete the certificate via certbot:
certbot delete some "parameter" I think it was '-d' domain.io

Then nginx went like:
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/domain.io/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/domain.io/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

I tried to get one via:
certbot certonly
Which got me to:
How would you like to authenticate with the ACME CA?
1: Nginx Web Server plugin (nginx) [Misconfigured]

I’m choosing number 1, but it doesn’t react. Please help.

When you deleted your Certbot certificate, your nginx configuration became invalid, because it now references a certificate that no longer exists. In turn, this prevents the Certbot nginx plugin from functioning.

You could try to recover the situation by issuing the certificate again using the Certbot standalone plugin:

sudo certbot certonly --standalone -d domain.io --pre-hook "service nginx stop" --post-hook "service nginx restart"

It is probably best not to delete the certificate next time, but to try to identify why PHP is failing to verify it.
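
The failure described in the reply above (an nginx configuration that still points at certificate files that no longer exist) can be located with a small check. This is an added example, not part of the original thread or of Certbot; the function names and the sample config under a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find certificate and key files that an
# nginx configuration tree references but that are missing on disk.
# Limitation: paths built from nginx variables are not resolved.

PATTERN='^[[:space:]]*ssl_(certificate|certificate_key|trusted_certificate)[[:space:]]'

# missing_cert_refs DIR
# Prints "file:line: directive path" per missing file; returns 1 if any.
missing_cert_refs() {
    report=$(
        grep -rnE "$PATTERN" "$1" 2>/dev/null |
        while IFS=: read -r file lineno rest; do
            # rest looks like: "    ssl_certificate /path/fullchain.pem;"
            directive=$(printf '%s\n' "$rest" | awk '{print $1}')
            path=$(printf '%s\n' "$rest" | awk '{print $2}' | tr -d "\"';")
            [ -e "$path" ] ||
                printf '%s:%s: %s %s\n' "$file" "$lineno" "$directive" "$path"
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: a server block whose fullchain.pem was deleted while
# the private key is still in place.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/conf" "$tmp/live/example.test"
    : > "$tmp/live/example.test/privkey.pem"
    cat > "$tmp/conf/site.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate     $tmp/live/example.test/fullchain.pem;
    ssl_certificate_key $tmp/live/example.test/privkey.pem;
}
EOF
    rc=0
    missing_cert_refs "$tmp/conf" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# On a real host the argument would be the nginx config directory,
# e.g. missing_cert_refs /etc/nginx
demo || echo "nginx would refuse to start until these files exist"
```

Each reported line names the config file and line number to fix or comment out before nginx can start again.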

Hi, thanks for the answer. I did it, and it resulted in this error:

Plugins selected: Authenticator standalone, Installer None
Running pre-hook command: service nginx stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.io
Challenge failed for domain domain.io
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

       Domain: domain.io
       Type:   unauthorized
       Detail: Invalid response from
       https://domain.io/.well-known/acme-challenge/j6ofmQUQOIV6xjQIl6hierDcS1Tt1Jp4uBMba3Sj9EE
       [2606:4700:3033::ac43:ad75]: "<!DOCTYPE html>\n<!--[if lt IE 7]>
       <html class=\"no-js ie6 oldie\" lang=\"en-US\">
       <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.

Now I can’t start nginx because it can’t find the certificate, what should I do? Thanks.

You may need to change your Cloudflare SSL mode to “Flexible” instead of “Strict” or whatever you have enabled right now, for standalone mode to work.
