[solved] Certbot --nginx fails with system library:fopen:No such file or directory:fopen('/etc/nginx/***','r')

I’m using a just-created DigitalOcean “One-Click” install image of Django. I am attempting to set up SSL on it before adding any content.

My domain is:
metatheoreticheart.com

I ran this command:

[root@metatheoreticheart:~] 1 # certbot --nginx -d metatheoreticheart.com -d ww.metatheoreticheart.com

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] BIO_new_file("/etc/nginx/***") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/***','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

The nginx plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError('Error while running nginx -c /etc/nginx/nginx.conf -t.\n\nnginx: [emerg] BIO_new_file("/etc/nginx/***") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(\'/etc/nginx/***\',\'r\') error:2006D080:BIO routines:BIO_new_file:no such file)\nnginx: configuration file /etc/nginx/nginx.conf test failed\n',)

Yet, /etc/nginx/nginx.conf does exist:

[root@metatheoreticheart:~] # ll /etc/nginx/
total 64K
drwxrwxr-x   6 root root 4.0K Aug  9 19:40 ./
drwxr-xr-x 105 root root 4.0K Nov  4 21:49 ../
drwxr-xr-x   2 root root 4.0K Jul 12 10:34 conf.d/
-rw-r--r--   1 root root 1.1K Feb 11  2017 fastcgi.conf
-rw-r--r--   1 root root 1007 Feb 11  2017 fastcgi_params
-rw-r--r--   1 root root 2.8K Feb 11  2017 koi-utf
-rw-r--r--   1 root root 2.2K Feb 11  2017 koi-win
-rw-r--r--   1 root root 3.9K Feb 11  2017 mime.types
-rw-r--r--   1 root root 1.5K Feb 11  2017 nginx.conf
-rw-r--r--   1 root root  180 Feb 11  2017 proxy_params
-rw-r--r--   1 root root  636 Feb 11  2017 scgi_params
drwxrwxr-x   2 root root 4.0K Nov  4 21:45 sites-available/
drwxr-xr-x   2 root root 4.0K Nov  4 21:45 sites-enabled/
drwxr-xr-x   2 root root 4.0K Aug  9 19:40 snippets/
-rw-r--r--   1 root root  664 Feb 11  2017 uwsgi_params
-rw-r--r--   1 root root 3.0K Feb 11  2017 win-uff

My web server is (include version):

[root@metatheoreticheart:~] 1 # nginx -V
nginx version: nginx/1.10.3 (Ubuntu)
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_v2_module --with-http_sub_module --with-http_xslt_module --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-threads

The operating system my web server runs on is (include version):

[root@metatheoreticheart:~] # lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.3 LTS
Release:	16.04
Codename:	xenial
[root@metatheoreticheart:~] # uname -a
Linux metatheoreticheart 4.4.0-97-generic #120-Ubuntu SMP Tue Sep 19 17:28:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

My hosting provider, if applicable, is:
DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):
Yup.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Nope.

Please show or upload:
/var/log/letsencrypt/letsencrypt.log
and
certbot --version

And maybe try: certbot-auto

Admittedly, I don’t know much about Django.
But maybe there is a clue here in the current website content:

It worked!
Congratulations on your first Django-powered page.
Of course, you haven't actually done any work yet. Next, start your first app by running python manage.py startapp [app_label]. 
You're seeing this message because you have DEBUG = True in your Django settings file and you haven't configured any URLs. Get to work!

Does it say this literally or did you obscure something?

Does *** appear in your nginx config anywhere?

grep -Fr '***' /etc/nginx

Do you get this error if you run nginx -t outside certbot?

2 Likes

Hah, that was it, @Patches! I had used *** as a placeholder for the cert lines in /etc/nginx/sites-available/django. (Nothing in what I reported was redacted/obfuscated.) After commenting those lines out, that same certbot command ran successfully. The BIO_new_file("/etc/nginx/***") failed error really sent me in the wrong direction for trying to solve the problem.

Thanks!

2 Likes
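
The cause found above, a TLS directive pointing at a file that does not exist, can be checked for directly before running certbot. The script below is an added example, not part of the thread or of certbot: it lists every uncommented `ssl_*` file directive under a config directory whose target is missing, resolving relative values against that directory the way nginx does. The function name `find_missing_tls_files` and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list TLS file directives in an nginx
# config tree whose target file does not exist.

find_missing_tls_files() {
    conf_dir=${1:-/etc/nginx}
    # Uncommented ssl_* directives that name a file on disk.
    grep -rnE '^[[:space:]]*ssl_(certificate|certificate_key|trusted_certificate|dhparam)[[:space:]]' \
        "$conf_dir" 2>/dev/null |
    while IFS=: read -r file lineno rest; do
        # Split with awk so a value such as *** is never glob-expanded.
        directive=$(printf '%s\n' "$rest" | awk '{print $1}')
        path=$(printf '%s\n' "$rest" | awk '{sub(/;.*/, "", $2); print $2}')
        # nginx resolves a relative path against its config directory,
        # which is how *** became /etc/nginx/*** in the error message.
        case $path in
            /*) full=$path ;;
            *)  full=$conf_dir/$path ;;
        esac
        [ -f "$full" ] ||
            printf '%s:%s: %s -> %s (missing)\n' "$file" "$lineno" "$directive" "$full"
    done
}

# Constructed sample tree reproducing the situation in this thread.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/sites-available"
: > "$demo_dir/real.pem"
cat > "$demo_dir/sites-available/django" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate     ***;
    ssl_certificate_key real.pem;
    # ssl_dhparam       commented-out.pem;
}
EOF
find_missing_tls_files "$demo_dir"   # reports line 3 only
rm -rf "$demo_dir"
```

On a Debian or Ubuntu layout, `grep -r` does not follow the symlinks in sites-enabled/, so the files are read once from sites-available/, including sites that are not currently enabled.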
