/etc/letsencrypt/live and /etc/letsencrypt/archive do not exist

ogoren · June 13, 2022, 6:03pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: wanda.multivu.com (bogus domain, there isn't really such a domain)

I ran this command:
sudo certbot --nginx certonly -d wanda.multivu.com -d www.wanda.multivu.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/wanda.multivu.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/wanda.multivu.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Could not choose appropriate plugin: The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file("/etc/letsencrypt/live/wanda.multivu.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/wanda.multivu.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)
The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file("/etc/letsencrypt/live/wanda.multivu.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/wanda.multivu.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)

My web server is (include version):
nginx version: nginx/1.14.0 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
None

I can login to a root shell on my machine (yes or no, or I don't know):
No

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

In general, I just followed the following instructions to install internal wiki site:

Then,
nginx -t
failed because live folder was not found. I did not delete anything, I just followed the instructions.

sudo certbot certificates
gives me:
No certs found.

rg305 · June 13, 2022, 6:18pm

Hi @ogoren, and welcome to the LE community forum

Did you read the first paragraph in your post?

That said, the problem you seem to be having is that your nginx config is trying to use a cert that hasn't yet been obtained [or somehow has been deleted].
Hard to say without a crystal ball.

Step #1: Fix the nginx configuration.

Step #2: Use the LE staging environment throughout the testing/troubleshooting of obtaining a cert.

Step #3: Use the LE production system to obtain a real cert.

ogoren · June 13, 2022, 6:36pm

Hi.
I gave my real domain, at least the one I asked for a cert for. As I try installing an internal wiki server, I'm starting to believe I do not need a certificate at all, as I will only use HTTP. Regardless, how do I reach the LE staging env, or the LE production system?

Thanks,
Ofer

rg305 · June 13, 2022, 6:56pm

*** 8.8.8.8 can't find wanda.multivu.com: Non-existent domain
*** 8.8.8.8 can't find www.wanda.multivu.com: Non-existent domain

Did you spell it correctly?
[did you register the domain name?]

Just add --dry-run to any certbot line.

sudo certbot --nginx certonly -d wanda.multivu.com -d www.wanda.multivu.com --dry-run

ogoren · June 14, 2022, 5:28am

Hi.
This is an internal domain, for internal usage. I do not need this server to be accessed outside the local network. So the domain is not registered. I understand now this is wrong. I also understand I do not need HTTPS for my server access, so no certs are required. I will configure my conf file accordingly. Thank you.

Bruce5051 · June 14, 2022, 7:43pm

multivu.com does exist but no wanda.multivu.com exist in any of the DNS Records for multivu.com
DNS Lookup - Check DNS Records
~~I do not see how any Domain Validation Certificate Authority could supply a Certificate for wanda.multivu.com~~
@rg305 has corrected my understanding below.

rg305 · June 14, 2022, 7:46pm

Not via HTTP authentication.
DNS authentication, however, can get names on certs that don't (yet) exist.

Bruce5051 · June 14, 2022, 7:47pm

Oh, I didn't know that thanks for correcting my understanding.

rg305 · June 14, 2022, 7:51pm

Think of the "wildcard" example...

There is no IP for "wildcard".example.com
[there isn't even an IP required for "_acme-challenge.example.com" - only a TXT record]
And yet, with DNS auth, we can issue such "wildcard" certs!

Bruce5051 · June 14, 2022, 7:53pm

Yep, I get it. I hope showing my ignorance helps others also in learning as well.

rg305 · June 14, 2022, 7:54pm

I too speak so that others might read and better understand - not (only) to lecture you - LOL

rg305 · June 14, 2022, 9:13pm

Of course, that command isn't using DNS authentication and would thus fail.

system · July 14, 2022, 9:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.