Fullchain.pem empty after renewal

My domain is: www.liefdeskriebels.com

I ran this command: sudo systemctl status apache2.service

It produced this output:

Mar 19 21:09:06 bruiloft-wouter-eline systemd[1]: Starting The Apache HTTP Server...
Mar 19 21:09:06 bruiloft-wouter-eline apachectl[1979]: AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
Mar 19 21:09:06 bruiloft-wouter-eline apachectl[1979]: SSLCertificateFile: file '/etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem' does not exist or is empty
Mar 19 21:09:06 bruiloft-wouter-eline apachectl[1979]: Action 'start' failed.
Mar 19 21:09:06 bruiloft-wouter-eline apachectl[1979]: The Apache error log may have more information.
Mar 19 21:09:06 bruiloft-wouter-eline systemd[1]: apache2.service: Control process exited, code=exited status=1
Mar 19 21:09:06 bruiloft-wouter-eline systemd[1]: apache2.service: Failed with result 'exit-code'.
Mar 19 21:09:06 bruiloft-wouter-eline systemd[1]: Failed to start The Apache HTTP Server.

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

My website was running fine, but all of a sudden Apache does not want to restart and produces the above output. I guess certbot maybe renewed the certificate, but something went wrong. Kind of lost as to what I should do now.

Hi @wtzr

What do these commands say?

certbot certificates
apachectl -S

Perhaps disable all port 443 vHosts, so you have only http ports, then your Apache should start. Then try to create a new certificate.

Your last renewal was on February 26. When did this issue crop up?

What happened to that file - is it actually gone, or is it empty? What about the parent directories? What do these commands show?

ls -lah /etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem
namei -l /etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem

Thanks for your feedback!

Yesterday all of a sudden I could not enter the website anymore. So it happened on the 20th of March.

ls -lah /etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem
ls: cannot access '/etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem': No such file or directory

namei -l /etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem
f: /etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root letsencrypt
drwx------ root root live
liefdeskriebels.com - No such file or directory

Hi Jeurgen,

Thanks for your feedback. It seems the certificates are not there anymore.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certs found.

apachectl -S gave:

AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem' does not exist or is empty
Action '-S' failed.
The Apache error log may have more information.

ok, apache won’t start, so go for

certbot -a standalone -i apache

and try to get a new certificate.

after it worked, edit /etc/letsencrypt/renewal/yourdomain.conf

and set authenticator to apache instead of standalone

hmm. i can’t run that command:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem' does not exist or is empty
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apache2ctl configtest.\nAction 'configtest' failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:\nSSLCertificateFile: file '/etc/letsencrypt/live/liefdeskriebels.com/fullchain.pem' does not exist or is empty\n",)

I guess you can replace it with

certbot --standalone --cert-name "liefdeskriebels.com"

don’t forget to tell certbot both www and non-www domain: https://crt.sh/?q=liefdeskriebels.com

Hi 9peppe,

Alright it worked in the end thanks to your last suggestion. Replaced it in the config, restarted apache and it worked.

Curious though, any idea what could have caused this to happen? Nothing has changed with the website.

Thanks for the help!

no idea, probably something happened interfering with certbot’s operation

@wtzr you might want to run certbot renew --dry-run to check if editing the config files broke something

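Added example, not part of any post in this thread: a pre-restart check that lists every SSLCertificateFile / SSLCertificateKeyFile target Apache would reject as "does not exist or is empty" (the AH00526 failure above). The `missing_cert_files` function, the `CERT_ROOT` prefix and the `example.test` tree are assumptions constructed for the example; paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example: report certificate/key paths referenced by Apache vhost
# configs that are missing or zero-length, before attempting a restart.
# CERT_ROOT (hypothetical) is an optional prefix, e.g. a mounted disk image.

missing_cert_files() {
    conf_dir=$1
    root=${CERT_ROOT:-}
    for conf in "$conf_dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Directive names are case-insensitive in Apache; commented-out
        # lines do not match because their first field starts with '#'.
        awk 'tolower($1) ~ /^sslcertificate(key)?file$/ {
                 gsub(/"/, "", $2); print NR, $1, $2
             }' "$conf" |
        while read -r lineno directive path; do
            # -s: exists AND size > 0; follows the live/ symlinks certbot uses
            [ -s "$root$path" ] ||
                printf '%s:%s: %s %s\n' "$conf" "$lineno" "$directive" "$path"
        done
    done
}

# Constructed demo tree: privkey.pem is present, fullchain.pem is missing.
demo=$(mktemp -d)
mkdir -p "$demo/etc/apache2/sites-enabled" \
         "$demo/etc/letsencrypt/live/example.test"
printf 'constructed key material\n' \
    > "$demo/etc/letsencrypt/live/example.test/privkey.pem"
cat > "$demo/etc/apache2/sites-enabled/000-default-le-ssl.conf" <<'EOF'
<VirtualHost *:443>
    ServerName example.test
    SSLCertificateFile /etc/letsencrypt/live/example.test/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.test/privkey.pem
</VirtualHost>
EOF

CERT_ROOT=$demo
missing_cert_files "$demo/etc/apache2/sites-enabled"
```

On a real host, leave `CERT_ROOT` unset and run it as root against `/etc/apache2/sites-enabled`, since the `live` directory shown in the `namei` output is readable by root only.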