Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I couldn't either except to note the current server for that domain sends out the short chain but that was not requested in the sample command in first post. And, the presence of that chain.pem.save file in the /live folder for that domain.
Of course, neither of these would cause a problem outright. But, maybe points to some manual adjustment of the chain in a subtle way contributing to the error. Not so much a cause but perhaps a clue.
No, I just imagine that if OpenSSL ends up getting an empty or missing file, we might expect an error something like that, and it might happen during the early phase when Certbot is checking whether or not there is an existing certificate with a subset of the names requested for the new certificate. I would hope for Certbot to give more specific and useful error messages, and I think it does it most cases, but apparently not for whatever is causing this particular error!
Not sure what you mean by 'created the keys ... using nano'. You create these files using certbot and you could display / copy / paste them using nano to your hosting site page. I assume that's what you meant.
Probably should be fullchain.pem instead. Also, are you pasting the entire contents of those files including the text 'markers' at top and bottom?