[solved] Certbot --nginx fails with system library:fopen:No such file or directory:fopen('/etc/nginx/***','r')

I’m using a just-created DigitalOcean “One-Click” install image of Django. I am attempting to set up SSL on it before adding any content.

My domain is:

I ran this command:

[root@metatheoreticheart:~] 1 # certbot --nginx -d metatheoreticheart.com -d ww.metatheoreticheart.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/nginx/***") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/***','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file("/etc/nginx/***") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(\'/etc/nginx/***\',\'r\') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)

Yet, /etc/nginx/nginx.conf does exist:

[root@metatheoreticheart:~] # ll /etc/nginx/
total 64K
drwxrwxr-x   6 root root 4.0K Aug  9 19:40 ./
drwxr-xr-x 105 root root 4.0K Nov  4 21:49 ../
drwxr-xr-x   2 root root 4.0K Jul 12 10:34 conf.d/
-rw-r--r--   1 root root 1.1K Feb 11  2017 fastcgi.conf
-rw-r--r--   1 root root 1007 Feb 11  2017 fastcgi_params
-rw-r--r--   1 root root 2.8K Feb 11  2017 koi-utf
-rw-r--r--   1 root root 2.2K Feb 11  2017 koi-win
-rw-r--r--   1 root root 3.9K Feb 11  2017 mime.types
-rw-r--r--   1 root root 1.5K Feb 11  2017 nginx.conf
-rw-r--r--   1 root root  180 Feb 11  2017 proxy_params
-rw-r--r--   1 root root  636 Feb 11  2017 scgi_params
drwxrwxr-x   2 root root 4.0K Nov  4 21:45 sites-available/
drwxr-xr-x   2 root root 4.0K Nov  4 21:45 sites-enabled/
drwxr-xr-x   2 root root 4.0K Aug  9 19:40 snippets/
-rw-r--r--   1 root root  664 Feb 11  2017 uwsgi_params
-rw-r--r--   1 root root 3.0K Feb 11  2017 win-uff

My web server is (include version):

[root@metatheoreticheart:~] 1 # nginx -V
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads

The operating system my web server runs on is (include version):

[root@metatheoreticheart:~] # lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.3 LTS
Release:	16.04
Codename:	xenial
[root@metatheoreticheart:~] # uname -a
Linux metatheoreticheart 4.4.0-97-generic #120-Ubuntu SMP Tue Sep 19 17:28:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Please show or upload:
certbot --version

And maybe try: certbot-auto

Admittedly, I don’t know much about Django.
But maybe there is a clue here in the current website content:

It worked!
Congratulations on your first Django-powered page.
Of course, you haven't actually done any work yet. Next, start your first app by running python manage.py startapp [app_label]. 
You're seeing this message because you have DEBUG = True in your Django settings file and you haven't configured any URLs. Get to work!

Does it say this literally or did you obscure something?

Does *** appear in your nginx config anywhere?

grep -Fr '***' /etc/nginx

Do you get this error if you run nginx -t outside certbot?


Hah, that was it, @Patches! I had used *** as a placeholder for the cert lines in /etc/nginx/sites-available/django. (Nothing in what I reported was redacted/obfuscated.) After commenting those lines out, that same certbot command ran successfully. The BIO_new_file("/etc/nginx/***") failed error really sent me in the wrong direction for trying to solve the problem.
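
A pre-flight check for the mistake found in this thread, added here as an example and not part of the original posts: it lists active ssl_certificate / ssl_certificate_key directives whose target file does not exist, resolving relative paths against the config directory (which is how *** turned into /etc/nginx/*** in the error above). The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find cert/key directives that point
# at files which do not exist, before handing the config to certbot.

find_missing_certs() {
    confdir=${1:-/etc/nginx}
    # Only active directives match; lines starting with '#' are skipped.
    grep -rnHE '^[[:space:]]*ssl_certificate(_key)?[[:space:]]' "$confdir" 2>/dev/null |
    while IFS= read -r hit; do
        file=${hit%%:*}          # grep -H -n output is file:lineno:text
        rest=${hit#*:}
        lineno=${rest%%:*}
        text=${rest#*:}
        # Second field is the path; drop the trailing ';' and any quotes.
        path=$(printf '%s\n' "$text" | awk '{print $2}' |
               sed -e 's/;.*$//' -e "s/^[\"']//" -e "s/[\"']\$//")
        case $path in
            *'$'*) resolved= ;;              # nginx variable, cannot check statically
            /*)    resolved=$path ;;          # absolute path
            *)     resolved=$confdir/$path ;; # relative to the config directory
        esac
        if [ -n "$resolved" ] && [ ! -f "$resolved" ]; then
            printf '%s:%s: %s\n' "$file" "$lineno" "$resolved"
        fi
    done
}

# Constructed sample: one placeholder path, one commented-out line, one real file.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sites-available" "$d/ssl"
    : > "$d/ssl/real.pem"
    cat > "$d/sites-available/django" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate ***;
    # ssl_certificate_key ***;
    ssl_certificate_key ssl/real.pem;
}
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample)
find_missing_certs "$sample"    # reports only line 3, the *** placeholder
rm -rf "$sample"
```

On a real host, call find_missing_certs /etc/nginx; any line it prints is a directive that will make nginx -t fail with the BIO_new_file error shown above.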


