Restore full chain.pem

Soydepr · October 12, 2020, 9:49pm

I accidentally deleted fullchain.pem. How can I restore it

griffin · October 12, 2020, 10:06pm

Welcome to the Let's Encrypt Community, Landy

certbot update_symlinks

rg305 · October 12, 2020, 10:36pm

If that doesn't work, you can recreate it manually from the public cert and the Intermediate cert.
[The public cert can be found in the cert.pem file or at https://crt.sh/ or from your active web server (if you haven't restarted it)]
[The Intermediate can be found easily from within any previous fullchain.pem file on your drive.]

griffin · October 12, 2020, 10:55pm

You can also download the intermediate certificate here:
https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem

_az · October 12, 2020, 10:57pm

update_symlinks won't restore a deleted symlink, unfortunately.

First, take a backup of /etc/letsencrypt:

sudo tar cf /root/letsencrypt.tar /etc/letsencrypt

Then you can try run this to fix them up (make sure to substitute CERTIFICATE_NAME's value):

export CERTIFICATE_NAME=example.com
sudo bash -E <<EOF
cd "/etc/letsencrypt/live/${CERTIFICATE_NAME}" && \
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "fullchain*.pem" | sort | tail -1) fullchain.pem && \
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "privkey*.pem" | sort | tail -1) privkey.pem
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "chain*.pem" | sort | tail -1) chain.pem
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "cert*.pem" | sort | tail -1) cert.pem
EOF

Soydepr · October 18, 2020, 11:58am

@griffin can you walk me via this step as currently I cant start the server due to this issue

griffin · October 18, 2020, 5:24pm

I'll try to help. You may need to take things further as _az has mentioned.

First off, do you still have your private key(s)? If not, rebuilding fullchain.pem is purposeless and you'll need to acquire a new certificate.

Otherwise, recreate fullchain.pem:

Visit https://crt.sh, search for your certificate, click the top certificate that matches (because the bottom of the pair is a precertificate), and download the certificate (using the link on the left at the bottom). Rename the downloaded file from ##########.crt to cert.pem.
Download the intermediate certificate from https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.
In a new file named fullchain.pem, put the contents of cert.pem then the contents of lets-encrypt-x3-cross-signed.pem.

You can accomplish the final step by:
cat cert.pem > fullchain.pem
cat lets-encrypt-x3-cross-signed.pem >> fullchain.pem

Soydepr · October 18, 2020, 5:30pm

Ok so I download second link and renamed it fullchain.pem
On the first link how I find cert.pem???
Since I used lighttpd I combine privkey.pem + full chain.pem into combine.pem
I do have privkey. I need to recuperate fullchain.pem

Is this the cert.pem?