My server is currently running fine with the old certificate issued using certbot.
When I try:
$ sudo certbot renew
Then I get:
Cert is due for renewal, auto-renewing...
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/letsencrypt/live/mydomain/fullchain.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
I opened the pem file and it seems fine to me... I mean it is working correctly at the moment.
Anybody know what the issue could be? Thanks.
Hi @rambowtech
looks like you use the public key as private key.
I'm pretty sure reloading or restarting your nginx will give you the same error. Check your nginx.conf for references to the pem files and double-check if it's correct. And post those references here, so we can triple-check you
Thanks!
ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
ssl_dhparam /etc/letsencrypt/live/mydomain/dhparam.pem;
Nobody knows if that vHost is used.
So
your domain name is required
the result of nginx -T is required
domain is rambow.tech
nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/letsencrypt/live/rambow.tech/fullchain.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
If nginx -T doesn't work you have a great problem / a big mess. You have created that mess, so fix it.
Perhaps use your backup to restore a working configuration.
Does it not fail exactly because of the SSL error?
It is normally able to tell which file it failed to parse (like /etc/nginx/conf.d/yourhost.conf).
By the way, it looks like nginx can't read the file, so it sees an empty file? Try running nginx -T as root.
no start line:Expecting: ANY PRIVATE KEY
Try running nginx -T as root
Thanks, I already did that (as super user, if that is what you mean), see above.
Osiris
July 6, 2020, 9:23am
What’s the output of: ls -l /etc/letsencrypt/live/rambow.tech ?
And are those references you showed the only references? What does grep -Ri ssl_certificate /etc/nginx | grep -i rambow.tech show?
What’s the output of: ls -l /etc/letsencrypt/live/rambow.tech ?
total 8
lrwxrwxrwx 1 root root 35 Apr 22 14:21 cert.pem -> ../../archive/rambow.tech/cert1.pem
lrwxrwxrwx 1 root root 36 Apr 22 14:21 chain.pem -> ../../archive/rambow.tech/chain1.pem
-rw-r--r-- 1 root root 1525 Apr 22 14:50 dhparam.pem
lrwxrwxrwx 1 root root 40 Apr 22 14:21 fullchain.pem -> ../../archive/rambow.tech/fullchain1.pem
lrwxrwxrwx 1 root root 38 Apr 22 14:21 privkey.pem -> ../../archive/rambow.tech/privkey1.pem
-rw-r--r-- 1 root root 692 Apr 22 14:21 README
And are those references you showed the only references? What does grep -Ri ssl_certificate /etc/nginx | grep -i rambow.tech show?
/etc/nginx/sites-enabled/rambowtech: ssl_certificate /etc/letsencrypt/live/rambow.tech/fullchain.pem;
/etc/nginx/sites-enabled/rambowtech: ssl_certificate_key /etc/letsencrypt/live/rambow.tech/privkey.pem;
/etc/nginx/sites-enabled/rambowtech.save: ssl_certificate /etc/letsencrypt/live/rambow.tech/fullchain.pem;
/etc/nginx/sites-enabled/rambowtech.save: ssl_certificate_key /etc/letsencrypt/live/rambow.tech/fullchain.pem;
Osiris
July 6, 2020, 10:37am
@rambowtech If you look at the bottom table, you do see the error, right?
If you look at the bottom table, you do see the error, right?
I see. I fixed it, now everything is working. Thank you very much.
However, I don't know how it got there. Do you know what that save-file is? I would assume it's just some backup?
Osiris
July 6, 2020, 2:22pm
Extensions don't mean as much in unix/Linux OSes compared to Windows. Could be anything. Probably a backup indeed. A quick search on Google gave this thread: "ubuntu - Webserver with nginx working until .save file created" (Stack Overflow). There it's suggested it could be a nano backup file not removed when a connection was interrupted during the editing of said file. Does this sound familiar?
I did indeed use nano to edit. Seems like an easy way to cause trouble with nginx, as it is configured to use all the files in that directory.
Good to know. Better get rid of it then. Thanks again.
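The root cause in this thread was a leftover rambowtech.save file in sites-enabled whose ssl_certificate_key pointed at fullchain.pem. As an added example (not code from the thread, certbot or nginx), the shell function below scans a config tree for that mismatch and for editor backup files carrying TLS directives; the function name and messages are made up for illustration, and it assumes absolute paths in the directives and no ':' in config file names.

```shell
#!/bin/sh
# Added example: audit nginx TLS directives for the mistake found above.
# Run as root so privkey.pem is readable.
# Usage: check_nginx_keys /etc/nginx

check_nginx_keys() {
    # grep -RH prints "file:matched line" for every active (uncommented)
    # ssl_certificate / ssl_certificate_key directive under $1, including
    # leftover editor files that a wildcard include would also load.
    findings=$(
        grep -RHE '^[[:space:]]*ssl_certificate(_key)?[[:space:]]' "$1" |
        while IFS=: read -r file rest; do
            set -f; set -- $rest; set +f    # split: $1 = directive, $2 = path;
            directive=$1
            path=${2%;}
            # The key directive must name a file with a private-key PEM block,
            # the certificate directive one with a certificate block.
            case $directive in
                ssl_certificate_key) want='^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' ;;
                *)                   want='^-----BEGIN CERTIFICATE-----' ;;
            esac
            if [ ! -r "$path" ]; then
                echo "$file: $directive $path: missing or unreadable"
            elif ! grep -qE -e "$want" "$path"; then
                echo "$file: $directive $path: expected PEM header not found"
            fi
            case $file in
                *.save|*~|*.bak)
                    echo "$file: editor backup file containing TLS directives" ;;
            esac
        done | sort -u
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_nginx_keys "$1"
fi
```

Running it before `certbot renew` or an nginx reload surfaces the offending file name, which `nginx -t` did not show in the error above.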