Error while running nginx -c /etc/nginx/nginx.conf -t

My domain is: https://www.beehaw.org

I ran this command: sudo certbot --nginx

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/beehaw.org/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/beehaw.org/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] cannot load certificate "/etc/letsencrypt/live/beehaw.org/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/beehaw.org/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.22.0

It seems the certificate has been deleted. Certificates should never be deleted without also removing the reference in the webserver. See User Guide — Certbot 1.22.0 documentation

3 Likes

That was the first certbot command that I ran on this server. I am trying to get certificates. I haven't deleted anything.

What's the output of certbot certificates?

It looks like the certificates are not there.

You got at least one certificate today.

2 Likes

Did you perhaps migrate your nginx configuration from somewhere else then?

Because that reference to the certificate comes from somewhere I recon.

3 Likes

No certificates found.


Did you move to a new server?

2 Likes

Yes. I did move to a new server.

ok, you need to comment any lines referring to your certificates in your nginx configuration.

grep -rHn letsencrypt /etc/nginx

(recurse filename linenumber)

this means you'll most likely revert to the default snakeoil cert.

then, you can run certbot --nginx

2 Likes

I commented out the two lines that referenced letsencrypt.

Running certbot --nginx resulted in this:

Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/lemmy.conf:15
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/lemmy.conf:15\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

Yeah, ok.

Check if you have /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key and configure nginx to use them. If you don't have them, you should be able to generate them with generate-default-snakeoil.

2 Likes

I don't have these.

Running 'generate-default-snakeoil' produces:

command not found

I read a manpage wrong, the command is make-ssl-cert generate-default-snakeoil

http://manpages.ubuntu.com/manpages/focal/man8/make-ssl-cert.8.html

(It should be there, the package name should be ssl-cert)

2 Likes

I see 'ssl-cert-snakeoil.key' in /etc/ssl/private/. However, I do NOT see ' ssl-cert-snakeoil.pem in /etc/ssl/certs/ after running the generate command. There are a lot of .pem files, but none with that name.

That's quite strange.


do you have /etc/nginx/snippets/snakeoil.conf?

2 Likes

Yes. snakeoil.conf is there.

ok, include it where you commented those couple lines

include snippets/snakeoil.conf; should be the right syntax.

2 Likes

Done. Now, what would you suggest as the next step? Also, thanks so much for your help!

check if nginx starts without complaining.

if it starts, you can run certbot

2 Likes

That worked! Thanks so much for all your help!

2 Likes