Error updating SSL certificate after server IP address change

6 days ago my domain’s IP address changed (forgot to renew additional one), didn’t see any errors, site was working perfect.
Then I paid attention that other servers with scripts can’t access my server due to ssl validation error, in fact my own server can’t access itself, php goes like:

Warning: file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /var/www/ on line 3

Warning: file_get_contents(): Failed to enable crypto in /var/www/ on line 3

Warning: file_get_contents( failed to open stream: operation failed in /var/www/ on line 3

I tried to update certificate via certbot, but it went SSL error to:
To fix these errors, please make sure that your domain name wasentered correctly and the DNS A/AAAA record(s) for that domaincontain(s) the right IP address.

Then I treid to delete certificate via certbot:
certbot delete some "parameter" I think it was '-d'

Then nginx went like:
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/','r') error:2006D080:BIO routines:BIO_new_file:no such file)

tried to get one via:
certbot certonly
Which got me to:
How would you like to authenticate with the ACME CA?
1: Nginx Web Server plugin (nginx) [Misconfigured]

I’m choosing number 1 but it doesn’t want to react, please help

When you deleted your Certbot certificate, your nginx configuration became invalid, because it now references a certificate that no longer exists. In turn, this prevents the Certbot nginx plugin from functioning.

You could try recover the situation by issuing the certificate again using the Certbot standalone plugin:

sudo certbot certonly --standalone -d --pre-hook "service nginx stop" --post-hook "service nginx restart"

It is probably best not to delete the certificate next time, but to try identify why PHP is failing to verify it.

Hi, thanks for answer, I did it, resulted to such error:

Plugins selected: Authenticator standalone, Installer None
Running pre-hook command: service nginx stop
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for
Challenge failed for domain
Some challenges have failed.

 - The following errors were reported by the server:

       Type:   unauthorized
       Detail: Invalid response from
       [2606:4700:3033::ac43:ad75]: "<!DOCTYPE html>\n<!--[if lt IE 7]>
       <html class=\"no-js ie6 oldie\" lang=\"en-US\">
       <![endif]-->\n<!--[if IE 7]>    <html class=\"no-js "

       To fix these errors, please make sure that your domain name was
       entered correctly and the DNS A/AAAA record(s) for that domain
       contain(s) the right IP address.

Now I can’t start nginx because it can’t find the certificate, what should I do? Thanks.

You may need to change your Cloudflare SSL mode to “Flexible” instead of “Strict” or whatever you have enabled right now, for standalone mode to work.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.