Nginx server fails after certbot renew

epano · January 14, 2021, 8:04am

Thank you for helping

nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2021/01/14 08:52:19 [warn] 27374#27374: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
2021/01/14 08:52:19 [emerg] 27374#27374: cannot load certificate "/etc/letsencrypt/live/office.projectcloud.site/fullchain.pem": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/letsencrypt/live/office.projectcloud.site/fullchain.pem','r') error:2006D002:BIO routines:BIO_new_file:system lib)

yes it is the right path:

    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
            worker_connections 768;
            # multi_accept on;
    }

    http {

            ##
            # Basic Settings
            ##

            sendfile on;
            tcp_nopush on;
            tcp_nodelay on;
            keepalive_timeout 65;
            types_hash_max_size 2048;
            # server_tokens off;

            # server_names_hash_bucket_size 64;
            # server_name_in_redirect off;

            include /etc/nginx/mime.types;
            default_type application/octet-stream;

            ##
            # SSL Settings
            ##

            ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
            ssl_prefer_server_ciphers on;

            ##
            # Logging Settings
            ##

            access_log /var/log/nginx/access.log;
            error_log /var/log/nginx/error.log;

            gzip on;

            include /etc/nginx/conf.d/*.conf;
            include /etc/nginx/sites-enabled/*;
    }

Also i am sharing /etc/nginx/conf.d/ds.conf file:

include /etc/nginx/includes/http-common.conf;
server {
  server_tokens off;
  server_name office.projectcloud.site;

  include /etc/nginx/includes/ds-*.conf;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/office.projectcloud.site/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/office.projectcloud.site/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/office.projectcloud.site/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

}

server {
    if ($host = office.projectcloud.site) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 0.0.0.0:80;
  listen [::]:80 default_server;
  server_tokens off;
  server_name office.projectcloud.site;

  include /etc/nginx/includes/ds-*.conf;

}

Topic		Replies	Views
Bug: installing with certbot impedes further nginx conf changes without reboot Client dev	57	7685	December 2, 2021
Auto Renewal: NGINX pid disappears, NGINX does't restart Help	8	1952	July 22, 2022
Certbot crashes Nginx while renewing certificates Client dev	5	3805	June 29, 2018
Nginx Perl module related to restart failure upon renewal (segmentation fault) Help	5	1629	August 11, 2021
Attempting to renew cert produced an unexpected error: The nginx plugin is not working; there may be problems with your existing configuration. The error was: NoInstallationError(). Skipping Help	28	15804	January 22, 2019

Nginx server fails after certbot renew

Related topics