Error while running nginx -c /etc/nginx/nginx.conf -t

beehaw · January 25, 2022, 1:44pm

I ran this command: sudo certbot --nginx

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/beehaw.org/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/beehaw.org/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] cannot load certificate "/etc/letsencrypt/live/beehaw.org/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/beehaw.org/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

My web server is (include version): Nginx

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.22.0

Osiris · January 25, 2022, 2:43pm

It seems the certificate has been deleted. Certificates should never be deleted without also removing the reference in the webserver. See User Guide — Certbot 2.6.0 documentation

beehaw · January 25, 2022, 2:51pm

That was the first certbot command that I ran on this server. I am trying to get certificates. I haven't deleted anything.

9peppe · January 25, 2022, 3:00pm

What's the output of certbot certificates?

It looks like the certificates are not there.

You got at least one certificate today.

Osiris · January 25, 2022, 3:32pm

Did you perhaps migrate your nginx configuration from somewhere else then?

Because that reference to the certificate comes from somewhere I recon.

beehaw · January 25, 2022, 3:41pm

No certificates found.

9peppe · January 25, 2022, 3:41pm

Did you move to a new server?

beehaw · January 25, 2022, 3:42pm

Yes. I did move to a new server.

9peppe · January 25, 2022, 3:46pm

ok, you need to comment any lines referring to your certificates in your nginx configuration.

grep -rHn letsencrypt /etc/nginx

(recurse filename linenumber)

this means you'll most likely revert to the default snakeoil cert.

then, you can run certbot --nginx

beehaw · January 25, 2022, 3:52pm

I commented out the two lines that referenced letsencrypt.

Running certbot --nginx resulted in this:

Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/lemmy.conf:15
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/sites-enabled/lemmy.conf:15\nnginx: configuration file /etc/nginx/nginx.conf test failed\n')

9peppe · January 25, 2022, 3:54pm

Yeah, ok.

Check if you have /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key and configure nginx to use them. If you don't have them, you should be able to generate them with generate-default-snakeoil.

beehaw · January 25, 2022, 4:00pm

I don't have these.

Running 'generate-default-snakeoil' produces:

command not found

9peppe · January 25, 2022, 4:03pm

I read a manpage wrong, the command is make-ssl-cert generate-default-snakeoil

http://manpages.ubuntu.com/manpages/focal/man8/make-ssl-cert.8.html

(It should be there, the package name should be ssl-cert)

beehaw · January 25, 2022, 4:12pm

I see 'ssl-cert-snakeoil.key' in /etc/ssl/private/. However, I do NOT see ' ssl-cert-snakeoil.pem in /etc/ssl/certs/ after running the generate command. There are a lot of .pem files, but none with that name.

9peppe · January 25, 2022, 4:17pm

That's quite strange.

do you have /etc/nginx/snippets/snakeoil.conf?

beehaw · January 25, 2022, 4:35pm

Yes. snakeoil.conf is there.

9peppe · January 25, 2022, 4:36pm

ok, include it where you commented those couple lines

include snippets/snakeoil.conf; should be the right syntax.

beehaw · January 25, 2022, 4:43pm

Done. Now, what would you suggest as the next step? Also, thanks so much for your help!

9peppe · January 25, 2022, 4:43pm

check if nginx starts without complaining.

if it starts, you can run certbot

beehaw · January 25, 2022, 4:50pm

That worked! Thanks so much for all your help!

Topic		Replies	Views
Please help me all of my website down Help	9	1168	November 1, 2018
I need help to install and config ssl certificate on my app Help	8	148	February 3, 2025
Error while trying to generate a nginx cert Help	3	3387	October 17, 2022
Error while running nginx -c /etc/nginx/nginx.conf -t Help	5	181	February 27, 2025
Certbot: nginx plugin is not working Help	39	11046	September 19, 2021

Error while running nginx -c /etc/nginx/nginx.conf -t

Related topics