Nginx: [emerg] cannot load certificate

limjinkwang · November 20, 2024, 9:10am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jiyeon.kr

I ran this command: ddev restart

It produced this output:
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/live/jiyeon.kr/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/live/jiyeon.kr/fullchain.pem, r) error:10000080:BIO routines::no such file)

My web server is (include version): nginx/1.27.2

The operating system my web server runs on is (include version):
macOS Monterey 12.7.5

My hosting provider, if applicable, is:
cafe24

I can login to a root shell on my machine (yes or no, or I don't know):
yes?

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 3.0.1

limjinkwang · November 20, 2024, 9:27am

i'd like to thanks to reply this article in advance.

here is more information about path and authority.

sudo certbot certificates

Found the following certs:
Certificate Name: jiyeon.kr
Serial Number: 413124c217ed30822efbb52773890bad3bf
Key Type: ECDSA
Domains: jiyeon.kr
Expiry Date: 2025-02-17 10:58:17+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/jiyeon.kr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/jiyeon.kr/privkey.pem

ls -l /etc/letsencrypt/live/jiyeon.kr
total 8
-rwxr-xr-x 1 root _www 692 11 16 05:15 README
lrwxr-xr-x 1 root _www 33 11 19 20:56 cert.pem -> ../../archive/jiyeon.kr/cert7.pem
lrwxr-xr-x 1 root _www 34 11 19 20:56 chain.pem -> ../../archive/jiyeon.kr/chain7.pem
lrwxr-xr-x 1 root _www 38 11 19 20:56 fullchain.pem -> ../../archive/jiyeon.kr/fullchain7.pem
lrwxr-xr-x 1 root _www 36 11 19 20:56 privkey.pem -> ../../archive/jiyeon.kr/privkey7.pem

ls -l /Users/imjingwang/site/jiyeon-dot-kr/.ddev/data/certbot/conf/live/jiyeon.kr
total 0
lrwxr-xr-x 1 imjingwang staff 38 11 20 17:22 fullchain.pem -> ../../archive/jiyeon.kr/fullchain7.pem
lrwxr-xr-x 1 imjingwang staff 36 11 20 17:22 privkey.pem -> ../../archive/jiyeon.kr/privkey7.pem

imjingwang@imjingwang-ui-MacBookPro jiyeon.kr % ls -l /etc/letsencrypt/archive/jiyeon.kr
total 192
-rw-r--r-- 1 root staff 2823 11 19 20:56 fullchain7.pem
-rw-r--r-- 1 root staff 241 11 19 20:56 privkey7.pem

ls -l /Users/imjingwang/site/jiyeon-dot-kr/.ddev/data/certbot/conf/archive/jiyeon.kr
total 16
-rw------- 1 imjingwang staff 2823 11 20 17:22 fullchain7.pem
-rw------- 1 imjingwang staff 241 11 20 17:22 privkey7.pem
[/quote]

MikeMcQ · November 20, 2024, 1:54pm

Did you copy the fullchain.pem from /etc/letsencrypt/... to /etc/nginx/ssl/... ?

Because normally your nginx config would refer to the files in /etc/letsencrypt/...

Osiris · November 20, 2024, 5:05pm

Where does this path suddenly come from? Did you copy around the files for some reason? If so, why? We now already have three paths with certificates.. The original one in /etc/letsencrypt/, the one in /etc/nginx/ssl/ and also one in /Users/...etc../.. As Mike already said, that doesn't make much sense.. Why not simply use the files in /etc/letsencrypt/ indeed?

limjinkwang · November 22, 2024, 8:13am

/Users/imjingwang/site/jiyeon-dot-kr/.ddev/data/certbot/conf

I expected that situations would get better what if all the certificate files are located in container of DDEV.

Now I learned that you guys advised the path nginx usually accept as default.

even I relocated the path as you mentioned,

/Users/imjingwang/site/jiyeon-dot-kr/.ddev/nginx_full/jiyeon-dot-kr.conf
ssl_certificate /etc/nginx/ssl/live/jiyeon.kr/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/jiyeon.kr/privkey.pem;

i got almost same message.

iTerm2
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/live/jiyeon.kr/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/live/jiyeon.kr/fullchain.pem, r) error:10000080:BIO routines::no such file)

MikeMcQ · November 22, 2024, 3:52pm

No, we suggested those lines could use the Certbot directory:

ssl_certificate     /etc/letsencrypt/live/jiyeon.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jiyeon.kr/privkey.pem;

Or, copy the files from the Certbot directory to where your nginx config defines them. The error is from nginx saying it can't find or access the file you specified in the ssl_certificate definition.

Also, if you have containers you need to review your volume sharing. Make sure the Certbot directories are properly shared with the nginx container. You should consult support at a forum for your type of container.

system · December 22, 2024, 3:52pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/exemple.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/example.com/fullch Help	4	3887	February 11, 2023
Nginx: [emerg] cannot load certificate. SSL: error:0480006C:PEM Help	7	3508	July 13, 2023
Nginx SSL nginx: [emerg] cannot load certificate "/etc/letsencrypt/live Help	2	324	October 31, 2024
Improper deletion of certificates: How do i fix nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/mydomain-0002/fullchain.pem Help	8	26769	April 14, 2022
Cannot load certificate Help	2	876	December 10, 2022

Nginx: [emerg] cannot load certificate

Related topics