Fullchain.pem' does not exist or is empty

Hi,
A few weeks ago, I was able to install Let's Encrypt, but now I noticed under sites-enabled there is

  1. learninggardenmontessori.ph.conf
  2. learninggardenmontessori.ph-le-ssl.conf

I believed I have not done the second one…
and now when I start and diagnose this is the error message.

“AH00526: Syntax error on line 66 of /etc/apache2/sites-enabled/learninggardenmontessori.ph-le-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.learninggardenmontessori.ph/fullchain.pem’ does not exist or is empty
Action ‘-k stop’ failed.
The Apache error log may have more information.”

Thank you for your assistance,
Gin

Hi @42force,

Did you delete or rename your Let’s Encrypt certificate for some reason?

Hi,
Thank you for your response… No I did not…
I just updated Ubuntu and that’s it… restarted the system

Could you try running certbot certificates?

1 Like

OK, I will try. I actually forgot how to do it… I'll look up the tutorials. I will let you know the results.

Hi,

I have done it… and here are the results… I believe I am on the right path
sudo ls /etc/letsencrypt/live/www.learninggardenmontessori.ph
cert.pem chain.pem fullchain.pem privkey.pem README

I am also confused because the one with the le.ssl.conf, I did not do that…but it was there,
was it done automatically?

Hi @42force

the first may be your port 80 - vHost. The second is the port 443 - vHost.

But checking your domain ( learninggardenmontessori.ph - Make your website better - DNS, redirects, mixed content, certificates ) there is no running port 443.

| Domainname | Http-Status | redirect | Sec. | G | Message |
|---|---|---|---|---|---|
| http://www.learninggardenmontessori.ph/<br>122.3.47.190 | 200 | | 0.400 | H | |
| https://www.learninggardenmontessori.ph/<br>122.3.47.190 | -14 | | 10.026 | T | Timeout - The operation has timed out |
| http://www.learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de<br>122.3.47.190 | 404 | | 0.397 | A | Not Found<br>Visible Content: 404 Not Found nginx/1.14.0 (Ubuntu) |

So:

  • make a backup of these config files
  • delete the learninggardenmontessori.ph-le-ssl.conf
  • recheck your domain, if port 80 works. That looks good, port 80 is open, no wrong / not working redirect, /.well-known/acme-challenge answers correct
  • then create a new certificate. Open your learninggardenmontessori.ph.conf to find your "DocumentRoot", then use it
certbot run -a webroot -i apache -w yourDocumentRoot -d learninggardenmontessori.ph -d www.learninggardenmontessori.ph
3 Likes
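The AH00526 error at the top of this thread comes from a vhost that still points at a certificate file Apache cannot use. The following check is an added example, not part of any post in the thread: it scans a sites-enabled directory for `SSLCertificateFile` and `SSLCertificateKeyFile` directives and reports each path as OK, MISSING, DANGLING or EMPTY before Apache is restarted. The function name `check_vhost_certs` is hypothetical, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example (not from the thread): find SSLCertificateFile and
# SSLCertificateKeyFile paths in Apache vhost files that Apache cannot use.
# Assumes unquoted or double-quoted paths without spaces. Run it as root:
# a user who cannot read the certificate directory sees every file as MISSING.

# check_vhost_certs DIR
# Prints "STATUS<TAB>file:line<TAB>directive<TAB>path" per directive and
# returns 1 if any referenced file is missing, dangling or empty, else 0.
check_vhost_certs() {
    dir=$1
    bad=0
    tab=$(printf '\t')
    # Commented-out directives never match: their first field starts with "#".
    found=$(awk '
        tolower($1) ~ /^sslcertificate(key)?file$/ {
            path = $2
            gsub(/"/, "", path)
            printf "%s:%d\t%s\t%s\n", FILENAME, FNR, $1, path
        }' "$dir"/*.conf 2>/dev/null || true)
    [ -n "$found" ] || return 0
    while IFS=$tab read -r where directive path; do
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            status=DANGLING      # live/ symlink whose archive/ target is gone
        elif [ ! -e "$path" ]; then
            status=MISSING
        elif [ ! -s "$path" ]; then
            status=EMPTY
        else
            status=OK
        fi
        [ "$status" = OK ] || bad=1
        printf '%s\t%s\t%s\t%s\n' "$status" "$where" "$directive" "$path"
    done <<EOF
$found
EOF
    return "$bad"
}

# Usage: check_vhost_certs /etc/apache2/sites-enabled && apache2ctl configtest
```
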

Yes, when you run certbot --apache it creates this configuration for you.

1 Like

ok, thank you, I thought I misconfigured something else…

Hi,
Thank you for your response… I am going nuts just by configuring this…
I will do what you suggested… Thank you…

Hi Juergen,
I have removed the certificate, I just noticed before… when I have installed it 28 days ago, it worked however when I opted for the option of redirection to HTTPS: it’s not working anymore… now I deleted everything… and I am getting this error message;
"SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG"

how do I start from scratch from this…?
Thank you,

Rechecked your domain ( learninggardenmontessori.ph - Make your website better - DNS, redirects, mixed content, certificates ):

| Domainname | Http-Status | redirect | Sec. | G | Message |
|---|---|---|---|---|---|
| http://www.learninggardenmontessori.ph/<br>122.3.47.190 | 400 | | 0.837 | M | Bad Request |
| https://www.learninggardenmontessori.ph/<br>122.3.47.190 | -4 | | 0.780 | W | SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. |
| http://www.learninggardenmontessori.ph:443/<br>122.3.47.190 | 403 | | 0.397 | Q | Forbidden<br>Visible Content: Forbidden You don't have permission to access / on this server. Apache/2.4.29 (Ubuntu) Server at www.learninggardenmontessori.ph Port 80 |
| https://www.learninggardenmontessori.ph:80/<br>122.3.47.190 | -4 | | 0.780 | A | SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.<br>Visible Content: |
| http://www.learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de<br>122.3.47.190 | 400 | | 0.867 | M | Bad Request |

Looks like you have removed your certificate. So http is sent over port 443.

So again:

Thanks, by creating a new certificate, meaning doing this again right...?
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-apache

No, you don't need to install Certbot again.

But you must start with a working http - configuration. Currently, your configuration is wrong.

If you don't have a working http (and nothing with https), Certbot may fail.

Hi,
I did what you told me… and I got this error message

"Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.

AH00526: Syntax error on line 51 of /etc/apache2/sites-enabled/learninggardenmontessori.ph.conf:
Name duplicates previous WSGI daemon definition.

Rolling back to previous server configuration…"

But I have the CONGRATULATIONS PART

*When I tried to run this command and was asked to expand

Failed authorization procedure. learninggardenmontessori.ph (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: unknownHost :: No valid IP addresses found for learninggardenmontessori.ph

Now I am at a loss on this part…
Thanks for your help, really…

Your non-www version isn't defined.

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| learninggardenmontessori.ph | A | | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.learninggardenmontessori.ph | A | 122.3.47.190 | yes | 1 | 0 |
| | AAAA | | yes | | |

So add an A entry to your non-www version (use the same ip address).

Hi Juergen,
Where can I find that… non-www version?
Thanks for your help.
Btw, now the error is that it tries to redirect to https, that's why I am unable to see it using www.learninggardenmontessori.ph

In your domain management. There, where you manage your domain - dns entries.

Yes, that's the problem adding a redirect too early. Check your vHost port 80 to find and remove that redirect.

RewriteEngine on
RewriteRule

Thanks for your help,
I have added the A and I have also commented out the Rewrite Rule earlier… but I still get the same error for redirecting…?

You can't check redirects with your browser, there is too much caching.

That's one reason to use online tools, they start new.

Now your main configuration is ok.

| Domainname | Http-Status | redirect | Sec. | G | Message |
|---|---|---|---|---|---|
| http://learninggardenmontessori.ph/<br>122.3.47.190 | 200 | | 0.610 | H | |
| http://www.learninggardenmontessori.ph/<br>122.3.47.190 | 200 | | 0.610 | H | |
| https://learninggardenmontessori.ph/<br>122.3.47.190 | -4 | | 0.777 | W | SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. |
| https://www.learninggardenmontessori.ph/<br>122.3.47.190 | -4 | | 0.777 | W | SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. |
| http://learninggardenmontessori.ph:443/<br>122.3.47.190 | 403 | | 0.396 | Q | Forbidden<br>Visible Content: Forbidden You don't have permission to access / on this server. Apache/2.4.29 (Ubuntu) Server at learninggardenmontessori.ph Port 80 |
| http://www.learninggardenmontessori.ph:443/<br>122.3.47.190 | 403 | | 0.396 | Q | Forbidden<br>Visible Content: Forbidden You don't have permission to access / on this server. Apache/2.4.29 (Ubuntu) Server at www.learninggardenmontessori.ph Port 80 |
| http://learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de<br>122.3.47.190 | 404 | | 0.407 | A | Not Found<br>Visible Content: Page not found (404) Request Method: GET Request URL: http://learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Using the URLconf defined in lgms.urls , Django tried these URL patterns, in this order: [name='about'] [name='gallery'] [name='admission'] [name='calendar'] [name='careers'] [name='news'] [name='online'] admin/ students-admin home [name='home'] home/<int:pk>/ [name='studentbioid'] home/<int:pk>/ [name='studentmedpccheck'] teachers/ parents/ mainviews/ ^media/(?P<path>.*)$ accounts/ accounts/signup/ [name='signup'] accounts/signup/parents [name='parentsview'] accounts/signup/teacher [name='teachersview'] pages/ The current path, .well-known/acme-challenge/check-your-website-dot-server-daten-dot-de , didn't match any of these. You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False , and Django will display a standard 404 page. |
| http://www.learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de<br>122.3.47.190 | 404 | | 0.410 | A | Not Found<br>Visible Content: Page not found (404) Request Method: GET Request URL: http://www.learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Using the URLconf defined in lgms.urls , Django tried these URL patterns, in this order: [name='about'] [name='gallery'] [name='admission'] [name='calendar'] [name='careers'] [name='news'] [name='online'] admin/ students-admin home [name='home'] home/<int:pk>/ [name='studentbioid'] home/<int:pk>/ [name='studentmedpccheck'] teachers/ parents/ mainviews/ ^media/(?P<path>.*)$ accounts/ accounts/signup/ [name='signup'] accounts/signup/parents [name='parentsview'] accounts/signup/teacher [name='teachersview'] pages/ The current path, .well-known/acme-challenge/check-your-website-dot-server-daten-dot-de , didn't match any of these. You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False , and Django will display a standard 404 page. |

Both http versions are defined, there is no redirect. And /.well-known/acme-challenge answers with the correct answer http status 404 - not found.

2 Likes