I'm not able to start nginx without the Let's Encrypt certs, and I'm not able to get the Let's Encrypt certs without starting the nginx server

My domain is: grasp.deals

My web server is (include version): nginx / 1.20.0

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

Due to some issues in packages installed which caused the freezing of the system, I had to re-install Ubuntu from scratch.

In my `/etc/nginx/conf.d/default.conf` file I have:

server {
    listen 443 ssl http2 default_server;
    server_name grasp.deals;
    ssl_certificate /etc/letsencrypt/live/grasp.deals/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/grasp.deals/privkey.pem; # managed by Certbot
    ssl_trusted_certificate /etc/letsencrypt/live/grasp.deals/chain.pem;

    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;

    access_log /var/log/nginx/grasp.deals.log combined;

    add_header Strict-Transport-Security "max-age=31536000";
    location = /favicon.ico { access_log off; log_not_found off; }

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /weights {
      root /home/raphy/www;
      try_files $uri $uri/ =404;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      # Following is necessary for Websocket support
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
    }
}

I recovered this nginx configuration.

And obviously it gives this error:

raphy@pc:/etc/nginx/conf.d$ sudo nginx -t
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/grasp.deals/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/grasp.deals/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

So... now I have this problem:
I'm not able to start nginx without the Let's Encrypt certs, and I'm not able to get the Let's Encrypt certs without starting the nginx server...

How can I solve this problem?


Welcome to the Let's Encrypt Community :slightly_smiling_face:

This is actually quite a common problem, so you're certainly not alone. The easiest way I've found to fix this issue is to comment out the SSL lines added by certbot, reload nginx (nginx -s reload), then run your certbot command again. It should add them back in upon a successful run.

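The reply's procedure as an added shell example (not code from the thread, from certbot or from nginx): it lists the certificate files an nginx server block points at, reports the missing ones, and writes a plain-HTTP bootstrap copy that nginx can start without them, so certbot can issue the certificate and put the ssl_* lines back. It assumes POSIX sh and awk and a block laid out like the one in the question; the sample config it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original thread. Commenting out only the
# ssl_certificate* lines is not enough: a "listen ... ssl" with no certificate
# also fails "nginx -t", so the listen line is rewritten to plain port 80 too.
# Assumes POSIX sh and awk; file paths are whatever the caller passes in.

# Print the files referenced by ssl_* directives in $1 and report missing ones.
# Returns 0 when every referenced file exists, 1 otherwise.
check_cert_files() {
    missing=0
    for f in $(awk '/^[ \t]*ssl_(certificate|certificate_key|trusted_certificate|dhparam)[ \t]/ {
                        sub(/;.*/, "", $2); print $2 }' "$1"); do
        [ -e "$f" ] || { echo "missing: $f" >&2; missing=1; }
    done
    return $missing
}

# Write an HTTP-only bootstrap copy of $1 to $2: "listen 443 ssl ..." becomes
# "listen 80;" (the original kept as a comment) and every ssl_* directive is
# commented out; everything else, including proxy_pass, is left untouched.
make_http_bootstrap() {
    awk '
        function indent() { match($0, /^[ \t]*/); return substr($0, 1, RLENGTH) }
        /^[ \t]*listen[ \t]+443[^;]*;/ {
            i = indent()
            print i "listen 80; # bootstrap: plain HTTP for the ACME http-01 challenge"
            print i "#" substr($0, length(i) + 1); next
        }
        /^[ \t]*ssl_[a-z_]+[ \t]/ { i = indent(); print i "#" substr($0, length(i) + 1); next }
        { print }
    ' "$1" > "$2"
}

# Constructed sample resembling the default.conf in the question.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl http2 default_server;
    server_name grasp.deals;
    ssl_certificate /etc/letsencrypt/live/grasp.deals/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/grasp.deals/privkey.pem; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    location / { proxy_pass http://127.0.0.1:8080; }
}
EOF
}
```

If another server block already listens on port 80 with the same server_name, nginx warns "conflicting server name" and ignores the duplicate, so the block that wins is the one that must serve the challenge; merge or disable one of them before running certbot.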

Hi! Thanks for your kind reply.

If I comment out the SSL lines added by certbot, which are the SSL certificates:

server {
    listen 443 ssl http2 default_server;
    server_name grasp.deals www.grasp.deals;

    #ssl_certificate /etc/ssl/certs/chained.pem;
    #ssl_certificate_key /etc/ssl/private/domain.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:50m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    #ssl_stapling on;
    #ssl_stapling_verify on;

    #access_log /var/log/nginx/graspdeals-access.log combined;

    add_header Strict-Transport-Security "max-age=31536000";
    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
        proxy_pass http://192.168.1.7:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Testing the nginx configuration I get:

raphy@pc:/etc/nginx/conf.d$ sudo nginx -t
nginx: [emerg] no "ssl_certificate" is defined for the "listen ... ssl" directive in /etc/nginx/conf.d/default.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

I guess commenting out all of this 443 part of the nginx configuration won't let me pass the Let's Encrypt test.

Or maybe... I need to install and configure SSL, because I had to wipe out the previous system?


In this way:

server {
    #listen 443 ssl http2 default_server;
    server_name grasp.deals www.grasp.deals;

    #ssl_certificate /etc/ssl/certs/chained.pem;
    #ssl_certificate_key /etc/ssl/private/domain.key;
    #ssl_session_timeout 5m;
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    #ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    #ssl_prefer_server_ciphers on;
    #ssl_session_cache shared:SSL:50m;
    #ssl_dhparam /etc/ssl/certs/dhparam.pem;

    #ssl_stapling on;
    #ssl_stapling_verify on;

    #access_log /var/log/nginx/graspdeals-access.log combined;

    add_header Strict-Transport-Security "max-age=31536000";
    location = /favicon.ico { access_log off; log_not_found off; }
    location / {
        proxy_pass http://192.168.1.7:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

I get this output:

raphy@pc:/etc/nginx/conf.d$ sudo nginx -t
nginx: [warn] conflicting server name "grasp.deals" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "www.grasp.deals" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Does this "conflicting server name" prevent the Let's Encrypt tests from being successful?


SOLVED.
Thank you!!!


Glad you got it working! :blush:
