OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
sudo -H certbot certonly --manual --preferred-challenges dns -d www.davislawgrouppc.com -d davislawgrouppc.com

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Encountered error while loading certificate or csr: [('PEM routines', 'get_name', 'no start line')]

An unexpected error occurred:

OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]

Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version):
Linux / Apache / PHP 7.2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
LiquidWeb Cloud

I can login to a root shell on my machine (yes or no, or I don't know):
No

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
I think so

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.22.0

Hi @bullaka,

Wow, that's an interesting one. It makes me think that you previously had some certificates in /etc/letsencrypt that have been partially, but not completely, deleted. Is that possible?

4 Likes

That's possible @schoen. I know I tried to delete some, but don't know if they were deleted or not.

1 Like

Did you use certbot to delete them or manually?
Show the output of:
certbot certificates

3 Likes

@rg305 I used certbot, but don't remember the command I used.

OK.
What about the output of:
certbot certificates

3 Likes

Also, maybe

ls -lR /etc/letsencrypt/{live,archive}

3 Likes

@schoen

/etc/letsencrypt/archive:

total 0

ls: /etc/letsencrypt/archive: Permission denied

/etc/letsencrypt/live:

total 0

ls: /etc/letsencrypt/live: Permission denied

Maybe try again with sudo before the command.

2 Likes

Thank you for your help @schoen thus far!

There was A LOT of info in there. So I put it in a text document and saved it to Dropbox at the link above.

What made you think that?

I do agree. I've only seen errors like that from OpenSSL when someone passes in a file's name instead of data, or bad data. Just wondering if you were thinking the same, or had more insight.

2 Likes

I can't find anything obviously incorrect in the output.
Although "root wheel" might be something to confirm.

3 Likes

I couldn't either, except to note that the current server for that domain sends out the short chain, but that was not requested in the sample command in the first post. And the presence of that chain.pem.save file in the /live folder for that domain.

Of course, neither of these would cause a problem outright. But, maybe points to some manual adjustment of the chain in a subtle way contributing to the error. Not so much a cause but perhaps a clue.

4 Likes

No, I just imagine that if OpenSSL ends up getting an empty or missing file, we might expect an error something like that, and it might happen during the early phase when Certbot is checking whether or not there is an existing certificate with a subset of the names requested for the new certificate. I would hope for Certbot to give more specific and useful error messages, and I think it does in most cases, but apparently not for whatever is causing this particular error!

2 Likes
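Added example (not part of the thread and not Certbot's own code): a standard-library Python check that walks a Certbot-style directory and reports which .pem files are empty, dangling symlinks, or missing their BEGIN/END markers, the conditions suggested above as likely sources of "no start line". The status strings, the example.test lineage and the sample file contents are constructed for illustration.

```python
import os
import re
import tempfile

# One PEM block: BEGIN line, body, END line carrying the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.+?)\r?\n-----END \1-----", re.S)

def check_pem(path):
    """Return (status, labels); status is 'ok' or the reason the file is unusable."""
    if os.path.islink(path) and not os.path.exists(path):
        return "dangling symlink", []   # live/ link whose archive/ target is gone
    try:
        with open(path, "r", errors="replace") as fh:
            text = fh.read()
    except OSError as exc:
        return "unreadable: " + exc.strerror, []
    if not text.strip():
        return "empty file", []
    if "-----BEGIN " not in text:
        return "no start line", []      # same condition OpenSSL complains about
    labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
    if not labels:
        return "start line without matching end line", []
    return "ok", labels

def scan(root):
    """Walk root and return {relative path: (status, labels)} for every *.pem."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".pem"):
                full = os.path.join(dirpath, name)
                report[os.path.relpath(full, root)] = check_pem(full)
    return report

def build_sample(root):
    """Constructed lineage: good, two-block, markers stripped, empty, dangling."""
    live = os.path.join(root, "live", "example.test")
    os.makedirs(live)
    block = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    samples = {"cert.pem": block, "fullchain.pem": block + block,
               "chain.pem": "Q09OU1RSVUNURUQ=\n", "privkey.pem": ""}
    for name, data in samples.items():
        with open(os.path.join(live, name), "w") as fh:
            fh.write(data)
    os.symlink(os.path.join(root, "archive", "gone.pem"), os.path.join(live, "old.pem"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for path, (status, labels) in scan(d).items():
            print(path, status, labels)
```

To check a real installation, call `scan("/etc/letsencrypt")` from an account that can read that directory; the script only inspects markers and does not validate the certificate data itself.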

I'm still fighting with this thing. I don't know if this helps but I tried creating the keys. All keys are created using the following commands:

sudo nano /etc/letsencrypt/live/www.davislawgrouppc.com/cert.pem

sudo nano /etc/letsencrypt/live/www.davislawgrouppc.com/privkey.pem

sudo nano /etc/letsencrypt/live/www.davislawgrouppc.com/chain.pem

However, once I copy and paste them into the hosting SSL configuration I get the following error:

The Intermediate Certificate is invalid, please try another.

I've done it multiple times using different URLs and get the same error.

Not sure what you mean by 'created the keys ... using nano'. You create these files using certbot and you could display / copy / paste them using nano to your hosting site page. I assume that's what you meant.

And,

Probably should be fullchain.pem instead. Also, are you pasting the entire contents of those files including the text 'markers' at top and bottom?

2 Likes

Why are you having to insert three files?
Can you show the screen where it asks for this input?

2 Likes

@rg305 it's the host. They need all 3 to make a site secure.

What did you put into those files when you created them with nano?

I'm pessimistic about this approach, but I would like to better understand what you tried.

1 Like

I think it may have been the other way around...
They copied the contents (which they saw within nano) out.
[not sure what the point of using nano to cat a file is though]

Me too.
[where did you get that instruction?]

1 Like