Restore full chain.pem

I accidentally deleted fullchain.pem. How can I restore it


Welcome to the Let's Encrypt Community, Landy :slightly_smiling_face:

certbot update_symlinks


If that doesn't work, you can recreate it manually from the public cert and the Intermediate cert.
[The public cert can be found in the cert.pem file or at or from your active web server (if you haven't restarted it)]
[The Intermediate can be found easily from within any previous fullchain.pem file on your drive.]


You can also download the intermediate certificate here:

1 Like

update_symlinks won't restore a deleted symlink, unfortunately.

First, take a backup of /etc/letsencrypt:

sudo tar cf /root/letsencrypt.tar /etc/letsencrypt

Then you can try run this to fix them up (make sure to substitute CERTIFICATE_NAME's value):

sudo bash -E <<EOF
cd "/etc/letsencrypt/live/${CERTIFICATE_NAME}" && \
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "fullchain*.pem" | sort | tail -1) fullchain.pem && \
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "privkey*.pem" | sort | tail -1) privkey.pem
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "chain*.pem" | sort | tail -1) chain.pem
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "cert*.pem" | sort | tail -1) cert.pem

@griffin can you walk me via this step as currently I cant start the server due to this issue

1 Like

I'll try to help. You may need to take things further as _az has mentioned.

First off, do you still have your private key(s)? If not, rebuilding fullchain.pem is purposeless and you'll need to acquire a new certificate.

Otherwise, recreate fullchain.pem:

  1. Visit, search for your certificate, click the top certificate that matches (because the bottom of the pair is a precertificate), and download the certificate (using the link on the left at the bottom). Rename the downloaded file from ##########.crt to cert.pem.
  2. Download the intermediate certificate from
  3. In a new file named fullchain.pem, put the contents of cert.pem then the contents of lets-encrypt-x3-cross-signed.pem.

You can accomplish the final step by:
cat cert.pem > fullchain.pem
cat lets-encrypt-x3-cross-signed.pem >> fullchain.pem


Ok so I download second link and renamed it fullchain.pem
On the first link how I find cert.pem???
Since I used lighttpd I combine privkey.pem + full chain.pem into combine.pem
I do have privkey. I need to recuperate fullchain.pem

Is this the cert.pem?

1 Like

This is the certificate for

Rename the one downloaded from above to cert.pem.

This is the intermediate certificate:

You should already have privkey.pem.

You can also use the following website to build fullchain.pem once you have downloaded your certificate:


Many thanks. I think it worked



1 Like

I just didn’t see link to download

1 Like

It's a really tiny (but important) link. :grin:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.