Restore full chain.pem

I accidentally deleted fullchain.pem. How can I restore it

2 Likes

Welcome to the Let's Encrypt Community, Landy :slightly_smiling_face:

certbot update_symlinks

2 Likes

If that doesn't work, you can recreate it manually from the public cert and the Intermediate cert.
[The public cert can be found in the cert.pem file or at https://crt.sh/ or from your active web server (if you haven't restarted it)]
[The Intermediate can be found easily from within any previous fullchain.pem file on your drive.]

2 Likes

You can also download the intermediate certificate here:
https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem

1 Like

update_symlinks won't restore a deleted symlink, unfortunately.

First, take a backup of /etc/letsencrypt:

sudo tar cf /root/letsencrypt.tar /etc/letsencrypt

Then you can try run this to fix them up (make sure to substitute CERTIFICATE_NAME's value):

export CERTIFICATE_NAME=example.com
sudo bash -E <<EOF
cd "/etc/letsencrypt/live/${CERTIFICATE_NAME}" && \
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "fullchain*.pem" | sort | tail -1) fullchain.pem && \
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "privkey*.pem" | sort | tail -1) privkey.pem
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "chain*.pem" | sort | tail -1) chain.pem
ln -sf $(sudo find ../../archive/${CERTIFICATE_NAME}/ -name "cert*.pem" | sort | tail -1) cert.pem
EOF
2 Likes

@griffin can you walk me via this step as currently I cant start the server due to this issue

1 Like

I'll try to help. You may need to take things further as _az has mentioned.

First off, do you still have your private key(s)? If not, rebuilding fullchain.pem is purposeless and you'll need to acquire a new certificate.

Otherwise, recreate fullchain.pem:

  1. Visit https://crt.sh, search for your certificate, click the top certificate that matches (because the bottom of the pair is a precertificate), and download the certificate (using the link on the left at the bottom). Rename the downloaded file from ##########.crt to cert.pem.
  2. Download the intermediate certificate from https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.
  3. In a new file named fullchain.pem, put the contents of cert.pem then the contents of lets-encrypt-x3-cross-signed.pem.

You can accomplish the final step by:
cat cert.pem > fullchain.pem
cat lets-encrypt-x3-cross-signed.pem >> fullchain.pem

2 Likes

Ok so I download second link and renamed it fullchain.pem
On the first link how I find cert.pem???
Since I used lighttpd I combine privkey.pem + full chain.pem into combine.pem
I do have privkey. I need to recuperate fullchain.pem

Is this the cert.pem?

1 Like

This is the certificate for vorman.mooo.com:
https://crt.sh/?d=3498699986

Rename the one downloaded from above to cert.pem.

This is the intermediate certificate:
https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem

You should already have privkey.pem.

You can also use the following website to build fullchain.pem once you have downloaded your certificate:

2 Likes

Many thanks. I think it worked

2 Likes

:partying_face:

1 Like

I just didn’t see link to download

1 Like

It's a really tiny (but important) link. :grin:

2 Likes