Nginx fails to start after delete of certificate

Help
1

My domain is:Hey all, I’m having some issues starting up my nginx after I deleted one of my certificates .

I ran this command: to delete the certificate I ran certbot --nginx delete --cert-name my-domin.com ,I delete from my site-enabled/default the path to the certificate and ran nginx -t

It produced this output:
BIO_new_file("/etc/letsencrypt/live/ my-domin.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/ my-domin.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

My web server is (include version):

The operating system my web server runs on is (include version):ubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot 0.27.0

I dont understaned why nginx recognize that I dont have this certificate if I removed the call from site-enabled/default . I also checked my nginx.conf and there is no reference to /etc/letsencrypt/live/ my-domin.com/fullchain.pem .

1 Like
2

Welcome to the Let's Encrypt Community :slightly_smiling_face:

What is the output of this:

sudo nginx -T

3

Hi @sivank

that's expected. If you jump out of a window, the result may be fatal.

Disable the vHosts or add self signed certificates.

Or use your backup. Don't have a backup? Next window-jump.

1 Like
4

nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/my-domain.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/livemy-domain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

I dont have the certificate because I deleted it so ofcure I have the error "no such file". I removed from my default file the reference to certificate so why am I getting this error.:\

5

I have a backup of the certificate but I want to delete it and create a new one

6

What's currently in this file:

/etc/nginx/nginx.conf

1 Like
7

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

}

1 Like
8

The output of these?

sudo ls -lRa /etc/nginx/conf.d

sudo ls -lRa /etc/nginx/sites-enabled

1 Like
9

That's the wrong order.

Use your backup, then create a new one, then delete the old.

1 Like
10

sudo ls -lRa /etc/nginx/conf.d

total 8
drwxr-xr-x 2 root root 4096 Jan 10 2020 .
drwxr-xr-x 8 root root 4096 Jan 28 08:20 ..

/etc/nginx/sites-enabled:
total 40
drwxr-xr-x 2 root root 4096 Jan 28 08:37 .
drwxr-xr-x 8 root root 4096 Jan 28 08:20 ..
-rwxrwxrwx 1 root root 14109 Jan 28 08:37 default
-rwxr-xr-x 1 root root 13766 Dec 16 11:29 default.bkp

1 Like
11

And what's in these:

/etc/nginx/sites-enabled/default

/etc/nginx/sites-enabled/default.bkp

They are both being included here:

1 Like
12

can I multiple certificate to the same domain?
what will be the steps:
1.create a new certificate to domain in this step certbot will add automatically the references to the new certificate? and then I will just delete the old references ?
how can I give a certificate a different name from domain name?

1 Like
13

default:

server {
server_name my-domain

location / {
    proxy_pass http://xxxxx;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}



#listen 443 ssl; # managed by Certbot
#ssl_certificate /etc/letsencrypt/live/my-domain/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/my-domain/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
default.bkp
server {
server_name my-domain

location / {
    proxy_pass http://xxxx;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}



listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my-domain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my-domain/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

Yes I see that in the backup file it is not commend.
so what should I do?

1 Like
14

Well, @JuergenAuer's suggestion is good, but if you want to simplify, just delete default.bkp, delete the 5 lines you commented (certbot will recreate them anyhow), then

sudo nginx -s reload

I'm not seeing a port 80 listen anywhere, which is rather odd. Do you not have a port 80 server block?

15

yes I just copied the section of the domain

1 Like
16

Ah. Then my previous suggestion should get you moving forward at least. :slightly_smiling_face:

17

YES! nginx is up THANKS!!!
so what are the steps I need to do create the new certificate and then delete the old one?

1 Like
18

Well... for starters, what say these:

sudo certbot certificates

sudo ls -lRa /etc/letsencrypt
19

ya I see the list of certificates I have.
they will expire soon

1 Like
20

Are they all junk? Do any of them have exactly the domain names you want?

For the second command (ls), do you see any remaining cruft from previous certificates that aren't listed by certbot? Are all the files in the live folders symlinks?