I accidentally deleted fullchain.pem. How can I restore it
2 Likes
Welcome to the Let's Encrypt Community, Landy 
certbot update_symlinks
2 Likes
If that doesn't work, you can recreate it manually from the public cert and the Intermediate cert.
[The public cert can be found in the cert.pem file or at https://crt.sh/ or from your active web server (if you haven't restarted it)]
[The Intermediate can be found easily from within any previous fullchain.pem file on your drive.]
2 Likes
You can also download the intermediate certificate here:
https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
1 Like
update_symlinks won't restore a deleted symlink, unfortunately.
First, take a backup of /etc/letsencrypt:
sudo tar cf /root/letsencrypt.tar /etc/letsencrypt
Then you can try run this to fix them up (make sure to substitute CERTIFICATE_NAME's value):
export CERTIFICATE_NAME=example.com
sudo bash -E <<EOF
cd "/etc/letsencrypt/live/${CERTIFICATE_NAME}" && \
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "fullchain*.pem" | sort | tail -1) fullchain.pem && \
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "privkey*.pem" | sort | tail -1) privkey.pem
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "chain*.pem" | sort | tail -1) chain.pem
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "cert*.pem" | sort | tail -1) cert.pem
EOF
2 Likes
@griffin can you walk me via this step as currently I cant start the server due to this issue
1 Like
I'll try to help. You may need to take things further as _az has mentioned.
First off, do you still have your private key(s)? If not, rebuilding fullchain.pem is purposeless and you'll need to acquire a new certificate.
Otherwise, recreate fullchain.pem:
- Visit https://crt.sh, search for your certificate, click the top certificate that matches (because the bottom of the pair is a precertificate), and download the certificate (using the link on the left at the bottom). Rename the downloaded file from ##########.crt to
cert.pem. - Download the intermediate certificate from https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.
- In a new file named
fullchain.pem, put the contents ofcert.pemthen the contents oflets-encrypt-x3-cross-signed.pem.
You can accomplish the final step by:
cat cert.pem > fullchain.pem
cat lets-encrypt-x3-cross-signed.pem >> fullchain.pem
2 Likes
Ok so I download second link and renamed it fullchain.pem
On the first link how I find cert.pem???
Since I used lighttpd I combine privkey.pem + full chain.pem into combine.pem
I do have privkey. I need to recuperate fullchain.pem
Is this the cert.pem?
1 Like
This is the certificate for vorman.mooo.com:
https://crt.sh/?d=3498699986
Rename the one downloaded from above to cert.pem.
This is the intermediate certificate:
https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
You should already have privkey.pem.
You can also use the following website to build fullchain.pem once you have downloaded your certificate:
2 Likes
Many thanks. I think it worked
2 Likes
It's a really tiny (but important) link. 
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.