No such file or directory

Please help. I regularly updated certificates using the same instructions, but today I encountered an error when entering the next command:
[root@mail ~]# cp /etc/letsencrypt/live/mail.domain.com.ua/* /opt/zimbra/ssl/letsencrypt
cp: cannot stat ‘/etc/letsencrypt/live/mail.domain.com.ua/cert.pem’: No such file or directory
The same error occurs for all certificate files in this folder.
This directory contains the latest files: cert.pem, chain.pem, fullchain.pem, privkey.pem, README. Of these, only the README is copied. The rights to the directory and these files are the same for all files.

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


That said, please also provide the output of the following commands:

certbot certificates

and

ls -l /etc/letsencrypt/live/mail.domain.com.ua/
ls -l /etc/letsencrypt/archive/mail.domain.com.ua/
4 Likes

Assuming that you are using the HTTP-01 challenge of the Challenge Types - Let's Encrypt

Start with http://mail.domain.com.ua/.well-known/acme-challenge/sometestfile

$ curl -i http://mail.domain.com.ua/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Wed, 24 Apr 2024 22:19:45 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://myname.com.ua/.well-known/acme-challenge/sometestfile

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>

Redirected to http://myname.com.ua/.well-known/acme-challenge/sometestfile

$ curl -i http://myname.com.ua/.well-known/acme-challenge/sometestfile
HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Wed, 24 Apr 2024 22:19:54 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://myname.com.ua/.well-known/acme-challenge/sometestfile

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>

and that redirects to https://myname.com.ua/.well-known/acme-challenge/sometestfile

$ curl -k -i https://myname.com.ua/.well-known/acme-challenge/sometestfile
HTTP/1.1 404 Not Found
Server: nginx/1.14.2
Date: Wed, 24 Apr 2024 22:20:41 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 275
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.46 (Ubuntu) Server at myname.com.ua Port 80</address>
</body></html>

With the redirection to another domain; in addition to Osiris' request

ls -l /etc/letsencrypt/archive/
1 Like

@vottak the presently being served certificate is https://decoder.link/sslchecker/mail.domain.com.ua/443

Common Name:	dotcom.com.ua
SANs:	
DNS:dotcom.com.ua
Total number of SANs: 1
Signature Algorithm:	sha256WithRSAEncryption
Key Type:	RSA
Key size:	2048 bits
Serial Number:	362fdf13d2075621042b7a3754e368032a6
Not Before:	Mar 06, 2024 18:59:21 GMT

Which is this certificate crt.sh | 12296009055

I doubt that is the real domain name in use.

2 Likes

Me too, but I never can be sure.

1 Like

Hi @vottak, where are the instructions from that asked you to do this?

2 Likes

I bring my guesses, when opening the post, it was not possible to provide the necessary information.

My domain is: mail.seebet.com.ua

I ran this command: chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
cp /etc/letsencrypt/live/mail.seebet.com.ua/* /opt/zimbra/ssl/letsencrypt

It produced this output: cp: cannot stat ‘/etc/letsencrypt/live/mail.seebet.com.ua/*’: No such file or directory

Zimbra 8.8.15_GA

The operating system my web server runs on is (include version): CentOS 7

I can login to a root shell on my machine (yes or no, or I don't know): Yes

The version of my client is : certbot 1.11.0

But the problem is not in receiving new certificates; the error occurs when copying them from the folder /etc/letsencrypt/live/mail.seebet.com.ua/* to the folder /opt/zimbra/ssl/letsencrypt

[root@mail ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: mail.seebet.com.ua
Serial Number: 4d6564110fbc91d72e3bd36d8288655969a
Key Type: RSA
Domains: mail.seebet.com.ua mail.rh-lens.com.ua webmail.hilens.com.ua webmail.promedoptics.com.ua
Expiry Date: 2024-04-26 16:19:26+00:00 (VALID: 1 day)
Certificate Path: /etc/letsencrypt/live/mail.seebet.com.ua/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mail.seebet.com.ua/privkey.pem


[root@mail ~]# ls -l "/etc/letsencrypt/live/mail.seebet.com.ua/"
total 4
lrwxrwxrwx 1 root root 47 Jan 27 19:19 cert.pem -> ../../archive/mail.seebet.com.ua-0001/cert1.pem
lrwxrwxrwx 1 root root 48 Jan 27 19:19 chain.pem -> ../../archive/mail.seebet.com.ua-0001/chain1.pem
lrwxrwxrwx 1 root root 52 Jan 27 19:19 fullchain.pem -> ../../archive/mail.seebet.com.ua-0001/fullchain1.pem
lrwxrwxrwx 1 root root 50 Jan 27 19:19 privkey.pem -> ../../archive/mail.seebet.com.ua-0001/privkey1.pem
-rw-r--r-- 1 root root 692 Jan 27 19:19 README
[root@mail ~]# ls -l "/etc/letsencrypt/live/mail.seebet.com.ua/"
total 4
lrwxrwxrwx 1 root root 47 Jan 27 19:19 cert.pem -> ../../archive/mail.seebet.com.ua-0001/cert1.pem
lrwxrwxrwx 1 root root 48 Jan 27 19:19 chain.pem -> ../../archive/mail.seebet.com.ua-0001/chain1.pem
lrwxrwxrwx 1 root root 52 Jan 27 19:19 fullchain.pem -> ../../archive/mail.seebet.com.ua-0001/fullchain1.pem
lrwxrwxrwx 1 root root 50 Jan 27 19:19 privkey.pem -> ../../archive/mail.seebet.com.ua-0001/privkey1.pem

Were you root user OR zimbra user at that time?

2 Likes

Root user. When you try to copy from the user Zimbra, it reports that there are not enough rights.

I don't understand how root user can't copy those files.

Try copying the files individually:

cp /etc/letsencrypt/live/mail.domain.com.ua/cert.pem /opt/zimbra/ssl/letsencrypt
cp /etc/letsencrypt/live/mail.domain.com.ua/chain.pem /opt/zimbra/ssl/letsencrypt
cp /etc/letsencrypt/live/mail.domain.com.ua/fullchain.pem /opt/zimbra/ssl/letsencrypt
cp /etc/letsencrypt/live/mail.domain.com.ua/privkey.pem /opt/zimbra/ssl/letsencrypt
1 Like

I don't understand this either. Separately, the same thing.
In the same directory there is a README file; it is copied without problems. When trying to copy the certificate files, the message is: No such file or directory

That may be the problem.
The symlinks are criss-crossed with a folder that probably no longer exists.

The symlinks should look like:
/etc/letsencrypt/live/mail.seebet.com.ua/FILE > /etc/letsencrypt/archive/mail.seebet.com.ua/FILE

NOT:
/etc/letsencrypt/live/mail.seebet.com.ua/FILE > /etc/letsencrypt/archive/mail.seebet.com.ua-0001/FILE

2 Likes

You're right! Tell me how to fix the symbolic links so they point to the desired directory?

The simplest path is:

  • delete the broken cert
    certbot delete --cert-name mail.seebet.com.ua
    [OR just "certbot delete" then follow the prompts]

  • ensure the symlinks have been deleted
    ls -l /etc/letsencrypt/live/mail.seebet.com.ua/ [should be empty]

  • get a new cert
    certbot certonly -d mail.seebet.com.ua
    [OR however you did it last time]

  • ensure the symlinks are pointing to the right folder
    ls -l /etc/letsencrypt/live/mail.seebet.com.ua/ [should not use -0001 folder]

2 Likes
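
The dangling-symlink condition diagnosed above, and the final "ensure the symlinks are pointing to the right folder" step, as an added example that is not part of the original thread. It audits a live directory before anything is copied out of it; the domain `mail.example.test`, the function names and the temporary fixture tree are all constructed for illustration.

```bash
#!/bin/sh
# Added example: audit a certbot live/<name>/ directory before copying from it.
# Function bodies use ( ) so their variables stay local in any POSIX shell.

# List dangling symlinks as "name -> target"; exit status 1 if any were found.
dangling_links() (
    status=0
    for f in "$1"/*.pem; do
        [ -L "$f" ] || continue
        if [ ! -e "$f" ]; then          # -e follows the link: false if target is gone
            printf '%s -> %s\n' "${f##*/}" "$(readlink "$f")"
            status=1
        fi
    done
    [ "$status" -eq 0 ]
)

# Name of the archive directory that cert.pem points into.
archive_name() (
    target=$(readlink "$1/cert.pem") || exit 1
    basename "$(dirname "$target")"
)

# Copy the resolved files only when every link resolves; otherwise copy nothing.
deploy_copy() (
    dangling_links "$1" >&2 || exit 1
    cp "$1"/*.pem "$2"/                 # cp follows symlinks given on the command line
)

# Constructed fixture: links point at <name>-0001 but only archive/<name> exists.
make_fixture() (
    root=$(mktemp -d) name=mail.example.test
    mkdir -p "$root/live/$name" "$root/archive/$name" "$root/dest"
    for n in cert chain fullchain privkey; do
        echo "dummy $n" > "$root/archive/$name/${n}1.pem"
        ln -s "../../archive/$name-0001/${n}1.pem" "$root/live/$name/$n.pem"
    done
    echo "placeholder" > "$root/live/$name/README"
    echo "$root"
)

fx=$(make_fixture)
live=$fx/live/mail.example.test
echo "links point into: $(archive_name "$live")"
dangling_links "$live" || echo "refusing to deploy from $live"
rm -rf "$fx"
```

The README in the fixture is a regular file, which is why a wildcard `cp` copies it while every `.pem` link fails with "No such file or directory".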

I usually use the command:
certbot certonly --standalone --force-renewal --preferred-chain "ISRG Root X1"
Now I received a certificate with the command: certbot certonly --standalone --preferred-chain "ISRG Root X1"

And the following command works with errors and is not complete:

[zimbra@mail root]$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem
.............................
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.seebet.com.ua...failed (rc=1)
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/df27e515.0
** Removing /opt/zimbra/conf/ca/ca.pem
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'df27e515.0' -> 'ca.pem'
zmcertmgr: ERROR deploycrt(comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem) failed:
chdir(/root) failed: Permission denied

The certificates were updated with these errors, but if you don’t mind, I would like to understand how to fix them.

You failed to show all the steps you normally take.

Step #1: Get new cert:

Step #2: ? ? ?

Step #3: Deploy new cert:

What happens between #1 and #3?
Did that part work as expected?

2 Likes

Yes, everything goes without errors; the error occurs only in the command:
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem

Before you can deploycrt you should verifycrt.

2 Likes

The verifycrt command is successful.