I made a mistake somewhere when I deleted a cert and need help out of this mess


#1

My domain is: felinesoulsystems.com

I ran this command: certbot revoke --nginx --cert-path /etc/letsencrypt/live/admin.felinesoulsystems.com/fullchain.pem -d www.felinesoulsystems.com -d felinesoulsystems.com which produced: “Congratulations! You have successfully revoked the certificate that was located
at /etc/letsencrypt/live/admin.felinesoulsystems.com/fullchain.pem”

Then I ran certbot delete --nginx --cert-path /etc/letsencrypt/live/admin.felinesoulsystems.com/fullchain.pem -d www.felinesoulsystems.com -d felinesoulsystems.com which produced a log, and asked me to enter the number corresponding to the domain I was deleting. I did so (pressed 8), and it responded with “Deleted all files relating to certificate” admin.felinesoulsystems.com.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

It produced this output: (see above)

My web server is (include version): nginx/1.10.3

The operating system my web server runs on: Linux 4.9.0-3-amd64 #1 SMP Debian 4.9.30-2+deb9u1 (2017-06-18) x86_64 GNU/Linux

My hosting provider, if applicable, is: my own Google Cloud

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no


It all started this morning. I have a site under admin.felinesoulsystems.com and a site under www.felinesoulsystems.com. When I went to https://www.felinesoulsystems.com, Chrome would warn me that it was not secure. When I told it to ignore that, it would push me over to admin.felinesoulsystems.com. Looking closer with “certbot certificates”, I saw that I had a certificate for admin.felinesoulsystems.com and felinesoulsystems.com but not www.felinesoulsystems.com. www should be the default subdomain anyway. I revoked the certificate and then deleted it (as seen above) in the hopes of creating a certificate with -d admin.felinesoulsystems.com and then one with -d www.felinesoulsystems.com -d felinesoulsystems.com, as that’s how they are in the two nginx configuration files that I have set up.

Now when I run “sudo certbot --cert-name felinesoulsystems.com --nginx -d www.felinesoulsystems.com -d admin.felinesoulsystems.com -d felinesoulsystems.com” I see:

Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/admin.felinesoulsystems.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/admin.felinesoulsystems.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file("/etc/letsencrypt/live/admin.felinesoulsystems.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/admin.felinesoulsystems.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)

What do I do to fix this on a live server?

In the future when I have a need for subdomain.felinesoulsystems.com I’ll just create a new certificate for that, right? Am I Doing It Wrong? Should I only have one cert for felinesoulsystems.com and then use the same config lines for each nginx site config file?


#2

You have deleted a certificate file from /etc/letsencrypt/ with certbot delete, but when you did that, the nginx configuration file(s) weren’t updated. Apparently, certbot will add/edit configuration files when you request a new certificate with the --nginx option, but when you use the delete feature with the --nginx option, it doesn’t remove the reference to the deleted certificate from the nginx configuration files.

You’ll have to remove the reference to the certificate in the nginx configuration files for certbot to work again. Actually… I think nginx won’t survive a ‘hard’ restart with this failing configuration…
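
A pre-flight check for the situation described in the reply above, as an added example that is not part of the original thread or of Certbot: it lists every ssl_certificate, ssl_certificate_key and ssl_trusted_certificate path in the nginx configuration that no longer exists on disk, which are the lines to remove or repoint before nginx -t and certbot --nginx will run again. The function names and the demo files are made up for illustration; it assumes absolute paths and one directive per line.

```shell
#!/bin/sh
# Added example: report ssl_certificate* paths in nginx config that are missing on disk.
# Assumes absolute paths and one directive per line (hypothetical helper names).

# Print "file:line: directive path" for every referenced file that does not exist.
find_dangling_certs() {
    tab=$(printf '\t')
    # -L follows the sites-enabled -> sites-available symlinks.
    find -L "$@" -type f 2>/dev/null | while IFS= read -r conf; do
        # Strip comments (line numbers are preserved), then extract directive and path.
        sed -e 's/#.*//' "$conf" | awk -v conf="$conf" '
            $1 ~ /^ssl_(certificate|certificate_key|trusted_certificate)$/ {
                path = $2
                sub(/;.*$/, "", path)            # drop the trailing semicolon
                gsub("[\"\047]", "", path)       # drop optional quotes
                if (path == "" || path ~ /\$/) next   # skip variable-based paths
                print conf "\t" NR "\t" $1 "\t" path
            }' | while IFS="$tab" read -r file line directive path; do
                [ -e "$path" ] || printf '%s:%s: %s %s\n' "$file" "$line" "$directive" "$path"
            done
    done
}

# Return 0 when every reference resolves, 1 (with a report on stderr) otherwise.
check_nginx_certs() {
    missing=$(find_dangling_certs "$@")
    if [ -n "$missing" ]; then
        printf 'Missing certificate files referenced by nginx:\n%s\n' "$missing" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed config tree (not the poster's real files).
demo_dir=$(mktemp -d)
touch "$demo_dir/present.pem"
cat > "$demo_dir/admin.conf" <<EOF
server {
    listen 443 ssl;
    # ssl_certificate $demo_dir/commented-out.pem;
    ssl_certificate     $demo_dir/live/admin.example.test/fullchain.pem; # managed by Certbot
    ssl_certificate_key $demo_dir/present.pem;
}
EOF
check_nginx_certs "$demo_dir" || echo "fix the lines listed above, then re-run nginx -t"
```

On a Debian-style layout (an assumption about where the site files live) the call would be `check_nginx_certs /etc/nginx/nginx.conf /etc/nginx/sites-enabled /etc/nginx/conf.d`.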


#3

That’s correct. There is a certbot rollback command which can undo the changes that Certbot has made to your web server configuration, but it restores the configuration from a backup so you’ll also lose any changes that you’ve subsequently made to the same files.


#4

Thank you folks. Removing the config options in my nginx server file, and reapplying the certificate did the trick.

