Fullchain.pem does not exist or is empty


#1

Hi,
A few weeks ago, I was able to install Let’s Encrypt, but now I noticed under sites-enabled there is

  1. learninggardenmontessori.ph.conf
  2. learninggardenmontessori.ph-le-ssl.conf

I believe I have not done the second one…
and now when I start and diagnose, this is the error message.

“AH00526: Syntax error on line 66 of /etc/apache2/sites-enabled/learninggardenmontessori.ph-le-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/www.learninggardenmontessori.ph/fullchain.pem’ does not exist or is empty
Action ‘-k stop’ failed.
The Apache error log may have more information.”

Thank you for your assistance,
Gin


#2

Hi @42force,

Did you delete or rename your Let’s Encrypt certificate for some reason?


#3

Hi,
Thank you for your response… No I did not…
I just updated Ubuntu and that’s it… restarted the system


#4

Could you try running certbot certificates?


#5

OK I will try, I actually forgot how to do it… I’ll look up the tutorials. I will let you know the results.


#6

Hi,

I have done it… and here are the results… I believe I am on the right path
sudo ls /etc/letsencrypt/live/www.learninggardenmontessori.ph
cert.pem chain.pem fullchain.pem privkey.pem README

I am also confused because the one with the le.ssl.conf, I did not do that…but it was there,
was it done automatically?


#7

Hi @42force

the first may be your port 80 - vHost. The second is the port 443 - vHost.

But checking your domain ( https://check-your-website.server-daten.de/?q=learninggardenmontessori.ph ) there is no running port 443.

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://www.learninggardenmontessori.ph/ 122.3.47.190 | 200 | | 0.400 | H |
| https://www.learninggardenmontessori.ph/ 122.3.47.190 | -14 | | 10.026 | T |
| Timeout - The operation has timed out | | | | |
| http://www.learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 122.3.47.190 | 404 | | 0.397 | A |
| Not Found | | | | |
| Visible Content: 404 Not Found nginx/1.14.0 (Ubuntu) | | | | |

So:

  • make a backup of these config files
  • delete the learninggardenmontessori.ph-le-ssl.conf
  • recheck your domain, if port 80 works. That looks good, port 80 is open, no wrong / not working redirect, /.well-known/acme-challenge answers correct
  • then create a new certificate. Open your learninggardenmontessori.ph.conf to find your “DocumentRoot”, then use it
certbot run -a webroot -i apache -w yourDocumentRoot -d learninggardenmontessori.ph -d www.learninggardenmontessori.ph

#8

Yes, when you run certbot --apache it creates this configuration for you.
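
The `-le-ssl.conf` vhost that `certbot --apache` writes points Apache at files under `/etc/letsencrypt/live/`, and the AH00526 error in post #1 is Apache refusing to start because one of those files is unusable. The following is an added example (not part of the thread and not Certbot's code) that lists every certificate and key file a vhost references and says why each one would be rejected; the fixture paths and function names are constructed for illustration.

```sh
# Added example, not from the thread; all paths are constructed fixtures.

# classify_pem PATH: print ok | missing | dangling-symlink | empty | not-pem
classify_pem() {
    if [ -L "$1" ] && [ ! -e "$1" ]; then echo dangling-symlink
    elif [ ! -e "$1" ]; then echo missing
    elif [ ! -s "$1" ]; then echo empty
    elif ! grep -q -e '-----BEGIN ' "$1"; then echo not-pem
    else echo ok
    fi
}

# check_vhost_certs CONF...: print "<state> <conf>:<line> <directive> <path>" per directive; return 1 if any is not ok.
check_vhost_certs() {
    rc=0
    for conf in "$@"; do
        refs=$(awk 'tolower($1) ~ /^sslcertificate(key|chain)?file$/ { gsub(/"/, "", $2); print NR, $1, $2 }' "$conf")
        while read -r line directive path; do
            [ -n "$path" ] || continue          # vhost without SSL directives
            state=$(classify_pem "$path")
            echo "$state $conf:$line $directive $path"
            [ "$state" = ok ] || rc=1
        done <<EOF
$refs
EOF
    done
    return $rc
}

# Constructed fixture: fullchain.pem is a symlink whose target is gone (ls still lists the name).
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/live" "$d/archive"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' > "$d/archive/privkey1.pem"
    ln -s "$d/archive/privkey1.pem" "$d/live/privkey.pem"
    ln -s "$d/archive/fullchain1.pem" "$d/live/fullchain.pem"   # target absent
    cat > "$d/example-le-ssl.conf" <<EOF
<VirtualHost *:443>
    # SSLCertificateFile /commented/out.pem
    SSLCertificateFile $d/live/fullchain.pem
    SSLCertificateKeyFile $d/live/privkey.pem
</VirtualHost>
EOF
    echo "$d"
}

check_vhost_certs "$(make_fixture)/example-le-ssl.conf" || echo "vhost references unusable files"
```

On a server it would be run as root against the files in `/etc/apache2/sites-enabled/`, since the thread needs `sudo` just to list the live directory; paths containing spaces are not handled.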


#9

ok, thank you, I thought I misconfigured something else…


#10

Hi,
Thank you for your response… I am going nuts just by configuring this…
I will do what you suggested… Thank you…


#11

Hi Juergen,
I have removed the certificate, I just noticed before… when I have installed it 28 days ago, it worked however when I opted for the option of redirection to HTTPS: it’s not working anymore… now I deleted everything… and I am getting this error message;
"SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG"

how do I start from scratch from this…?
Thank you,


#12

Rechecked your domain ( https://check-your-website.server-daten.de/?q=learninggardenmontessori.ph ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://www.learninggardenmontessori.ph/ 122.3.47.190 | 400 | | 0.837 | M |
| Bad Request | | | | |
| https://www.learninggardenmontessori.ph/ 122.3.47.190 | -4 | | 0.780 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. | | | | |
| http://www.learninggardenmontessori.ph:443/ 122.3.47.190 | 403 | | 0.397 | Q |
| Forbidden | | | | |
| Visible Content: Forbidden You don’t have permission to access / on this server. Apache/2.4.29 (Ubuntu) Server at www.learninggardenmontessori.ph Port 80 | | | | |
| https://www.learninggardenmontessori.ph:80/ 122.3.47.190 | -4 | | 0.780 | A |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. | | | | |
| Visible Content: | | | | |
| http://www.learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 122.3.47.190 | 400 | | 0.867 | M |
| Bad Request | | | | |

Looks like you have removed your certificate. So http is sent over port 443.

So again:


#13

Thanks, by creating a new certificate, meaning doing this again right…?
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache


#14

No, you don’t need to install Certbot again.

But you must start with a working http - configuration. Currently, your configuration is wrong.

If you don’t have a working http (and nothing with https), Certbot may fail.


#15

Hi,
I did what you told me… and I got this error message

"Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.

AH00526: Syntax error on line 51 of /etc/apache2/sites-enabled/learninggardenmontessori.ph.conf:
Name duplicates previous WSGI daemon definition.

Rolling back to previous server configuration…"

But I have the CONGRATULATIONS PART

*When I tried to run this command and was asked to expand

Failed authorization procedure. learninggardenmontessori.ph (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: unknownHost :: No valid IP addresses found for learninggardenmontessori.ph

Now I am at a loss on this part…
Thanks for your help, really…


#16

Your non-www version isn’t defined.

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| learninggardenmontessori.ph | A | | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.learninggardenmontessori.ph | A | 122.3.47.190 | yes | 1 | 0 |
| | AAAA | | yes | | |

So add an A entry to your non-www version (use the same ip address).


#17

Hi Juergen,
where can I find that…non-www version?
Thanks for your help…
btw now… the error is it tries to redirect to https, that’s why I am unable to see it using www.learninggardenmontessori.ph


#18

In your domain management. There, where you manage your domain - dns entries.

Yes, that’s the problem adding a redirect too early. Check your vHost port 80 to find and remove that redirect.

RewriteEngine on
RewriteRule

#19

Thanks for your help,
I have added the A and I have also commented out the Rewrite Rule earlier… but I still get the same error for redirecting…?


#20

You can’t check redirects with your browser, there is too much caching.

That’s one reason to use online tools, they start new.

Now your main configuration is ok.

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://learninggardenmontessori.ph/ 122.3.47.190 | 200 | | 0.610 | H |
| http://www.learninggardenmontessori.ph/ 122.3.47.190 | 200 | | 0.610 | H |
| https://learninggardenmontessori.ph/ 122.3.47.190 | -4 | | 0.777 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. | | | | |
| https://www.learninggardenmontessori.ph/ 122.3.47.190 | -4 | | 0.777 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format. | | | | |
| http://learninggardenmontessori.ph:443/ 122.3.47.190 | 403 | | 0.396 | Q |
| Forbidden | | | | |
| Visible Content: Forbidden You don’t have permission to access / on this server. Apache/2.4.29 (Ubuntu) Server at learninggardenmontessori.ph Port 80 | | | | |
| http://www.learninggardenmontessori.ph:443/ 122.3.47.190 | 403 | | 0.396 | Q |
| Forbidden | | | | |
| Visible Content: Forbidden You don’t have permission to access / on this server. Apache/2.4.29 (Ubuntu) Server at www.learninggardenmontessori.ph Port 80 | | | | |
| http://learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 122.3.47.190 | 404 | | 0.407 | A |
| Not Found | | | | |
| Visible Content: Page not found (404) Request Method: GET Request URL: http://learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Using the URLconf defined in lgms.urls , Django tried these URL patterns, in this order: [name=‘about’] [name=‘gallery’] [name=‘admission’] [name=‘calendar’] [name=‘careers’] [name=‘news’] [name=‘online’] admin/ students-admin home [name=‘home’] home/<int:pk>/ [name=‘studentbioid’] home/<int:pk>/ [name=‘studentmedpccheck’] teachers/ parents/ mainviews/ ^media/(?P<path>.*)$ accounts/ accounts/signup/ [name=‘signup’] accounts/signup/parents [name=‘parentsview’] accounts/signup/teacher [name=‘teachersview’] pages/ The current path, .well-known/acme-challenge/check-your-website-dot-server-daten-dot-de , didn’t match any of these. You’re seeing this error because you have DEBUG = True in your Django settings file. Change that to False , and Django will display a standard 404 page. | | | | |
| http://www.learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 122.3.47.190 | 404 | | 0.410 | A |
| Not Found | | | | |
| Visible Content: Page not found (404) Request Method: GET Request URL: http://www.learninggardenmontessori.ph/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de Using the URLconf defined in lgms.urls , Django tried these URL patterns, in this order: [name=‘about’] [name=‘gallery’] [name=‘admission’] [name=‘calendar’] [name=‘careers’] [name=‘news’] [name=‘online’] admin/ students-admin home [name=‘home’] home/<int:pk>/ [name=‘studentbioid’] home/<int:pk>/ [name=‘studentmedpccheck’] teachers/ parents/ mainviews/ ^media/(?P<path>.*)$ accounts/ accounts/signup/ [name=‘signup’] accounts/signup/parents [name=‘parentsview’] accounts/signup/teacher [name=‘teachersview’] pages/ The current path, .well-known/acme-challenge/check-your-website-dot-server-daten-dot-de , didn’t match any of these. You’re seeing this error because you have DEBUG = True in your Django settings file. Change that to False , and Django will display a standard 404 page. | | | | |

Both http versions are defined, there is no redirect. And /.well-known/acme-challenge answers with the correct answer http status 404 - not found.
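
Why plain HTTP on port 443 produces the errors in posts #11, #12 and #20, as an added example that is not part of the thread: a TLS client reads the first five bytes of the reply as a record header, and the ASCII bytes `HTTP/` decode to a length of 20527, above the TLS 1.2 record limit. The function names and sample byte strings are constructed for illustration.

```sh
# Added example, not from the thread; the sample byte strings are constructed.
MAX_TLS_RECORD=$((16384 + 2048))   # largest TLS 1.2 ciphertext record (RFC 5246)

# classify_first_bytes: read a server's first reply bytes on stdin, decode the
# first five as a TLS record header (type, version, 16-bit length) and print
# "<verdict> type=N version=M.m length=N [too-long]".
classify_first_bytes() {
    set -- $(od -An -tu1 -N5)
    if [ $# -lt 5 ]; then echo "too-short"; return 0; fi
    len=$(( $4 * 256 + $5 ))
    fields="type=$1 version=$2.$3 length=$len"
    [ "$len" -le "$MAX_TLS_RECORD" ] || fields="$fields too-long"
    if [ "$1 $2 $3 $4 $5" = "72 84 84 80 47" ]; then       # ASCII "HTTP/"
        echo "plain-http $fields"
    # Content types 20-23: change_cipher_spec, alert, handshake, application_data
    elif [ "$1" -ge 20 ] && [ "$1" -le 23 ] && [ "$2" -eq 3 ] \
         && [ "$len" -le "$MAX_TLS_RECORD" ]; then
        echo "tls $fields"
    else
        echo "unknown $fields"
    fi
}

# What a vhost answering plain HTTP on 443 sends back (status as in post #12).
sample_plain_http() { printf 'HTTP/1.1 403 Forbidden\r\nServer: Apache\r\n\r\n'; }
# Header of a TLS 1.2 handshake record announcing 258 bytes of payload.
sample_tls_handshake() { printf '\026\003\003\001\002'; }

sample_plain_http    | classify_first_bytes
sample_tls_handshake | classify_first_bytes
```

On a live host, `openssl s_client -connect HOST:443` failing with `wrong version number` points at the same condition.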