Fullchain.pem' does not exist or is empty

Hi,
A few weeks ago, I was able to install the Lets Encrypt, but now I noticed under sites-enabled there is

1. learninggardenmontessori.ph.conf
2. learninggardenmontessori.ph-le-ssl.conf

i believed i have not done the second one…
and now when I start and diagnose this is the error message.

“AH00526: Syntax error on line 66 of /etc/apache2/sites-enabled/learninggardenmontessori.ph-le-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.learninggardenmontessori.ph/fullchain.pem’ does not exist or is empty
Action ‘-k stop’ failed.
The Apache error log may have more information.”

Thank you for your assistance,
Gin

Hi @42force,

Did you delete or rename your Let’s Encrypt certificate for some reason?

Hi,
Thank you for your response… No I did not…
I just updated Ubuntu and that’s it… restarted the system

Could you try running certbot certificates?

OK I will try, I actually forgot how to do it.. i'll look up to the tutorials.I will let you know what the results.

HI,

I have done it… and here are the results… I believe I am on the right path
sudo ls /etc/letsencrypt/live/www.learninggardenmontessori.ph
cert.pem chain.pem fullchain.pem privkey.pem README

I am also confused because the one with the le.ssl.conf, I did not do that…but it was there,
was it done automatically?

Hi @42force

the first may be your port 80 - vHost. The second is the port 443 - vHost.

But checking your domain ( learninggardenmontessori.ph - Make your website better - DNS, redirects, mixed content, certificates ) there is no running port 443.

So:

• make a backup of these config files
• delete the learninggardenmontessori.ph-le-ssl.conf
• recheck your domain, if port 80 works. That looks good, port 80 is open, no wrong / not working redirect, /.well-known/acme-challenge answers correct
• then create a new certificate. Open your learninggardenmontessori.ph.conf to find your "DocumentRoot", then use it

certbot run -a webroot -i apache -w yourDocumentRoot -d learninggardenmontessori.ph -d www.learninggardenmontessori.ph

Yes, when you run certbot --apache it creates this configuration for you.

ok, thank you, I thought I misconfigured something else…

Hi,
Thank you for your response… I am going nuts just by configuring this…
I will do what you suggested… Thank you…

Hi Juergen,
I have removed the certificate, I just noticed before… when I have installed it 28 days ago, it worked however when I opted for the option of redirection to HTTPS: it’s not working anymore… now I deleted everything… and I am getting this error message;
"SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG>’’

how do I start from scratch from this…?
Thank you,

Rechecked your domain ( learninggardenmontessori.ph - Make your website better - DNS, redirects, mixed content, certificates ):

Looks like you have removed your certificate. So http is sent over port 443.

So again:

Thanks, by creating a new certificate, meaning doing this again right...?
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-apache

No, you don't need to install Certbot again.

But you must start with a working http - configuration. Currently, your configuration is wrong.

If you don't have a working http (and nothing with https), Certbot may fail.

Hi,
I did what you told me… and I got this error message

"Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.

AH00526: Syntax error on line 51 of /etc/apache2/sites-enabled/learninggardenmontessori.ph.conf:
Name duplicates previous WSGI daemon definition.

Rolling back to previous server configuration…"

But I have the CONGRATULATIONS PART

*When I tried to run this command and was asked to expand

Failed authorization procedure. learninggardenmontessori.ph (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: unknownHost :: No valid IP addresses found for learninggardenmontessori.ph

Now I am at a lost on this part…
Thanks for your help, really…

Your non-www version isn't defined.

So add an A entry to your non-www version (use the same ip address).

Hi Juergen,
where can I find that..non-www version?
Thanks for your help..
btw now.. the error is it tries to redirect to https that's why i am unable to see it using www.learninggardenmontessori.ph

In your domain management. There, where you manage your domain - dns entries.

Yes, that's the problem adding a redirect too early. Check your vHost port 80 to find and remove that redirect.

RewriteEngine on
RewriteRule

Thanks for your help,
I have added the A and I have also commented out the Rewrite Rule earlier… but I still get the same error for redirecting…?

You can't check redirects with your browser, there is too much caching.

That's one reason to use online tools, they start new.

Now your main configuration is ok.

Both http versions are defined, there is no redirect. And /.well-known/acme-challenge answers with the correct answer http status 404 - not found.