SSL error when renewing certificate using certbot

My server is currently running fine with the old certificate issued using certbot.

When I try:

$ sudo certbot renew

Then I get:

Cert is due for renewal, auto-renewing…
Error while running nginx -c /etc/nginx/nginx.conf -t.

nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/letsencrypt/live/mydomain/fullchain.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
nginx: configuration file /etc/nginx/nginx.conf test failed

I opened the file pem file and it seems fine to me… I mean it is working correctly at the moment.

Anybody know what the issue could be? Thanks.

Hi @rambowtech

looks like you use the public key as private key.

1 Like

I’m pretty sure reloading or restarting your nginx will give you the same error. Check your nginx.conf for references to the pem files and double-check if it’s correct. And post those references here, so we can triple-check you :wink:

Thanks!

    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem;
    ssl_dhparam /etc/letsencrypt/live/mydomain/dhparam.pem;

Nobody knows if that vHost is used.

So

  • your domain name is required
  • the result of nginx -T is required
1 Like

domain is rambow.tech

nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/letsencrypt/live/rambow.tech/fullchain.pem") failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
nginx: configuration file /etc/nginx/nginx.conf test failed

If nginx -T doesn’t work you have a great problem / a big mess. You have created that mess, so fix it.

Perhaps use your backup to restore a working configuration.

1 Like

Does it not fail exactly because of the SSL error?

it normally able to tell which file it faild to parse (like /etc/nginx/conf.d/yourhost.conf).
by the why, it looks like nginx can’t read the file so sees empty file? try run nginx -T as root

no start line:Expecting: ANY PRIVATE KEY

try run nginx -T as root

Thanks, I already did that (as super user, if that is what you mean), see above.

What’s the output of: ls -l /etc/letsencrypt/live/rambow.tech ?

And are those references you showed the only references? What does grep -Ri ssl_certificate /etc/nginx | grep -i rambow.tech show?

What’s the output of: `ls -l /etc/letsencrypt/live/rambow.tech ?

total 8
lrwxrwxrwx 1 root root 35 Apr 22 14:21 cert.pem -> …/…/archive/rambow.tech/cert1.pem
lrwxrwxrwx 1 root root 36 Apr 22 14:21 chain.pem -> …/…/archive/rambow.tech/chain1.pem
-rw-r–r-- 1 root root 1525 Apr 22 14:50 dhparam.pem
lrwxrwxrwx 1 root root 40 Apr 22 14:21 fullchain.pem -> …/…/archive/rambow.tech/fullchain1.pem
lrwxrwxrwx 1 root root 38 Apr 22 14:21 privkey.pem -> …/…/archive/rambow.tech/privkey1.pem
-rw-r–r-- 1 root root 692 Apr 22 14:21 README

And are those references you showed the only references? What does grep -Ri ssl_certificate /etc/nginx | grep -i rambow.tech show?

/etc/nginx/sites-enabled/rambowtech: ssl_certificate /etc/letsencrypt/live/rambow.tech/fullchain.pem;
/etc/nginx/sites-enabled/rambowtech: ssl_certificate_key /etc/letsencrypt/live/rambow.tech/privkey.pem;
/etc/nginx/sites-enabled/rambowtech.save: ssl_certificate /etc/letsencrypt/live/rambow.tech/fullchain.pem;
/etc/nginx/sites-enabled/rambowtech.save: ssl_certificate_key /etc/letsencrypt/live/rambow.tech/fullchain.pem;

@rambowtech If you look at the bottom table, you do see the error, right?

If you look at the bottom table, you do see the error, right?

I see. I fixed it, now everything is working. Thank you very much.

However, I don’t know how it got there. Do you know what that save-file is? I would assume it’s just some backup?

1 Like

Extensions don’t mean as much in unix/Linux OSes compared to Windows. Could be anything. Probably a backup indeed. A quick search on Google gave this thread: https://stackoverflow.com/questions/26210115/webserver-with-nginx-working-until-save-file-created There it’s suggested it could be a nano backup file not removed when a connection was interrupted during the editing of said file. Does this sound familiair?

I did indeed use nano to edit. Seems like an easy way to cause trouble with nginx, as it is configured to use all the files in that directory.

Good to know. Better get rid of it then. Thanks again.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.