Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: 4digitalconsulting.com, and I was trying to add the 4th domain to the same VPS, but I got an error that nginx can't find /etc/letsencrypt/live/eltogary.com/fullchain.pem. So I deleted the certs and now I'm lost in the documentation. Can you help me?
I ran this command:
sudo certbot certificates
sudo certbot delete
sudo certbot certonly --nginx
sudo certbot --nginx
sudo certbot renew --dry-run
nginx -T
It produced this output:
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2024/06/19 07:27:11 [warn] 128206#128206: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
2024/06/19 07:27:11 [emerg] 128206#128206: cannot load certificate "/etc/letsencrypt/live/4digitalconsulting.com/fullchain.pem": BIO_new_file() failed (SSL: error:8000000D:system library::Permission denied:calling fopen(/etc/letsencrypt/live/4digitalconsulting.com/fullchain.pem, r) error:10080002:BIO routines::system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
My web server is (include version): nginx/1.18.0 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 22.04.4 LTS
My hosting provider, if applicable, is: VPS from Vultr
I can login to a root shell on my machine (yes or no, or I don't know): Yes for now
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no I work on Cmder
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I already removed it
Well, there's your problem. Why would you do that? Now you're in trouble.
Nginx expects a file which you've deleted. So either retrieve the file again from a recent backup or reconfigure nginx so it doesn't expect a deleted file.
Also, you probably want to run nginx -T as root too (e.g. also use sudo).
I'm just learning by doing & having some fun (problems).
How can I do that backup in the future and what are those files for the nginx?
Do you mean a whole server backup or copying nginx files only?
Where is that file and how can I configure it successfully?
BTW the nginx.conf has the same configuration as I configured it!
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/4digitalconsulting.com/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/4digitalconsulting.com/fullchain.pem, r) error:10000080:BIO routines::no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
That message was the same when I tested nginx for eltogary.com but with /etc/letsencrypt/live/eltogary.com/fullchain.pem.
So why doesn't letsencrypt/ make that .pem file for eltogary.com?? It was working fine for the other sites!
Sure, exploring new things is fun. Below is a topic explaining how to safely remove certs from an active system. And, what you can do to recover if you didn't do that.
Becoming your own nginx server admin has a substantial learning curve. You should spend some more time with the nginx docs to become comfortable with its config files and the purpose of server blocks.
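A pre-flight check for the situation in this thread, added here as an example and not posted by anyone in the thread: it lists every certificate path an nginx config references and reports which ones nginx will fail to open, so it can be run before `certbot delete` or after a failed `nginx -t`. The function names and the sample config are constructed for illustration, and paths without whitespace are assumed.

```shell
# Input: a saved `sudo nginx -T` dump or a single nginx config file.

# Print every file path named by an ssl_certificate* directive (comments ignored).
list_cert_paths() {
    sed -e 's/#.*//' "$1" |
    awk '$1 ~ /^ssl_(certificate|certificate_key|trusted_certificate)$/ {
             p = $2; sub(/;.*$/, "", p); gsub(/"/, "", p); print p }' |
    sort -u
}

# Report paths nginx will fail to open; return 1 if any path has a problem.
# MISSING = "No such file or directory", UNREADABLE = "Permission denied".
check_cert_paths() {
    rc=0
    for p in $(list_cert_paths "$1"); do
        if [ ! -e "$p" ]; then echo "MISSING $p"; rc=1
        elif [ ! -r "$p" ]; then echo "UNREADABLE $p"; rc=1
        fi
    done
    return "$rc"
}

# Count references into live/NAME/; non-zero means the config still needs that cert.
count_lineage_refs() {
    list_cert_paths "$1" | grep -c -F "/live/$2/" || true
}

# Constructed sample: two server blocks, only the first has its files on disk.
make_sample() {
    d=$(mktemp -d); l="$d/live/4digitalconsulting.com"
    mkdir -p "$l"; touch "$l/fullchain.pem" "$l/privkey.pem"
    cat > "$d/nginx-T.txt" <<EOF
server {
    ssl_certificate     $l/fullchain.pem;
    ssl_certificate_key $l/privkey.pem;
}
server {
    # ssl_certificate $d/live/old.example/fullchain.pem;
    ssl_certificate     $d/live/eltogary.com/fullchain.pem;
    ssl_certificate_key $d/live/eltogary.com/privkey.pem;
}
EOF
    echo "$d"
}

# Demo on the constructed sample: prints the two missing eltogary.com paths.
s=$(make_sample)
check_cert_paths "$s/nginx-T.txt" || echo "nginx -t would fail: fix the config or restore the files"
rm -rf "$s"
```

On a real host, save the output of `sudo nginx -T` to a file and pass that file to `check_cert_paths`; run it as the same user nginx is tested with, since readability depends on who is asking.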
but when I do => sudo nginx -t
I got => nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/4digitalconsulting.com/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/4digitalconsulting.com/fullchain.pem, r) error:10000080:BIO routines::no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
I'm thinking about restarting nginx anyway to see what will happen before I destroy the server and start from scratch again.
What do you think?
Not yet, Mike
I still have =>
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/letsencrypt/self-signed-cert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/letsencrypt/self-signed-cert.pem"
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/self-signed-cert.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/self-signed-cert.pem, r) error:10000080:BIO routines::no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Should I turn off the SSL stapling (OCSP stapling)?
UPDATE
I changed all the conf files for all sites then tested nginx and I got
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/letsencrypt/self-signed-cert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/letsencrypt/self-signed-cert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/letsencrypt/self-signed-cert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/letsencrypt/self-signed-cert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/letsencrypt/self-signed-cert.pem"
nginx: [warn] "ssl_stapling" ignored, issuer certificate not found for certificate "/etc/letsencrypt/self-signed-cert.pem"
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Thanks @MikeMcQ, we achieved something.
Now should I turn off the SSL stapling before restarting, or go ahead and restart?
I, along with most others helping here, are unpaid volunteers offering our time and expertise for free. It would be helpful if you studied the docs better and did more on your own. You really should understand the error messages about missing files by now - don't you think?
Perhaps some other volunteer will be willing to help further. I'm going to take a break from this thread for a while.
I wanted to take a moment to thank you for all your help with my problems. Your expertise and the time you've dedicated are truly appreciated, especially considering that you, like most others here, are an unpaid volunteer. I understand the importance of studying the documentation better and putting in more effort to solve issues on my own, as you mentioned.
Your advice about stapling and the error messages has been valuable, and I will make sure to work on understanding these aspects better. I respect your decision to take a break from this thread, and I hope to continue improving with the knowledge you've shared.
Thanks again for your support and guidance.
Have a nice day.