SSLCertificateFile: file doesn't exist or is empty

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: 365gunfit.com

I ran this command: certbot --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 19 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/www.365gunfit.com/fullchain.pem' does not exist or is empty

My web server is (include version): Ubuntu 20.02

The operating system my web server runs on is (include version): LAMP

My hosting provider, if applicable, is: Digitalocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi

In order to do a clean setup, I have deleted ssl by using the "certbot delete" command.
And after that, I have tried to set up the certificate with the "certbot --apache" command, but I am getting an error saying:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

AH00526: Syntax error on line 19 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/www.365gunfit.com/fullchain.pem' does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apache2ctl configtest.\nAction 'configtest' failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 19 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:\nSSLCertificateFile: file '/etc/letsencrypt/live/www.365gunfit.com/fullchain.pem' does not exist or is empty\n")

Here is the line 19 of "/etc/apache2/sites-enabled/000-default-le-ssl.conf"

image

Can you please tell me how to fix it?

2 Likes

Hello. :slightly_smiling_face:

Are you using a load balancer?

What says sudo certbot certificates ?

What says sudo apachectl -S ?


You have a weird redirect in place that should be http://www.365gunfit.com to https://www.365gunfit.com.



2 Likes

Hi

I am not using a load balancer. I just deleted the ssl certificate.

Here is the result of certbot certificates:
No certs found.

Result of apachectl -S:
AH00526: Syntax error on line 19 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/www.365gunfit.com/fullchain.pem' does not exist or is empty
Action '-S' failed.
The Apache error log may have more information.

1 Like

Considering that that certificate is still being served... :wink:

Me thinks you deleted your active certificate, which you never want to do. FYI It's something I'm going to take up with the certbot developers soon as a hole in their process.

If you were to restart apache right now, it would likely fail.

Did you run sudo apachectl -S or just apachectl -S ?

You will likely need to manually remove (or comment out) the usage of /etc/apache2/sites-enabled/000-default-le-ssl.conf .

I'll be back later (a few hours or so) to continue. If any other helpers come by they can pick this up in the meantime as I have laid the foundation to get you back on track.

It's possible that sudo certbot rollback might get things operational quickly...

3 Likes
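A check for the situation described in the post above, where a deleted certificate is still referenced by an enabled vhost, as an added example that is not part of the original thread. The function name, the constructed sample vhost and the assumption that the directives use absolute paths (as certbot writes them) are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report active SSLCertificateFile /
# SSLCertificateKeyFile directives whose target is missing or empty.
# Assumption: directive paths are absolute, which is what certbot writes.
dangling_cert_refs() {
    dir=${1:-/etc/apache2/sites-enabled}
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Commented-out directives do not match, because $1 then starts with '#'.
        awk 'tolower($1) ~ /^sslcertificate(key)?file$/ {
                 gsub(/"/, "", $2); print NR, $2 }' "$conf" |
        while read -r lineno path; do
            # -s is true only for a file that exists and is non-empty,
            # the same condition Apache reports in AH00526.
            [ -s "$path" ] || printf '%s:%s: %s\n' "$conf" "$lineno" "$path"
        done
    done
}

# Constructed sample: a vhost whose key file exists but whose chain file is gone.
demo_dangling() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/live" "$tmp/sites"
    echo "constructed placeholder, not real key material" > "$tmp/live/privkey.pem"
    cat > "$tmp/sites/000-default-le-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName www.example.test
    # SSLCertificateFile $tmp/live/old.pem
    SSLCertificateFile $tmp/live/fullchain.pem
    SSLCertificateKeyFile $tmp/live/privkey.pem
</VirtualHost>
EOF
    # Strip the random temp prefix so the output is stable.
    dangling_cert_refs "$tmp/sites" | sed "s|$tmp||g"
    rm -rf "$tmp"
}
demo_dangling
```

Running `dangling_cert_refs` with no argument before removing a certificate lists every enabled vhost line that would stop Apache from passing `configtest` afterwards.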

I am logging with root user that's why I only typed apachectl -S

I thought using "certbot delete" command will get rid of everything but seems like it didn't

So I am stuck here.

Do you think I should remove this file "000-default-le-ssl.conf" ?

1 Like

You want to remove where the file is included in your configuration.

It will look like:
Include /etc/apache2/sites-enabled/000-default-le-ssl.conf

If you can't find it, just try commenting out the two SSLCertificate lines and reloading apache (sudo systemctl reload apache2). That may get things functioning.

If so...

certbot --cert-name www.365gunfit.com --apache -d "www.365gunfit.com,365gunfit.com"

I'll return later...

3 Likes

@griffin dude
It's worked.
I have deleted the file you mentioned and restarted the setup again and my website has been fully configured for both nonwww and www version.
Can you also please check my ssl is configured properly?
Thank you so much

Have a final question.
Do you think this redirection has been set properly? Because there are 2 redirections

2 Likes

You need a 301 redirect directly from http://www.365gunfit.com to https://www.365gunfit.com. Currently http://www.365gunfit.com first redirects to https://365gunfit.com then to https://www.365gunfit.com.

3 Likes

Hi Griffin

Here is redirection section of "000-default-le-ssl.conf" file

How can I make it to work as you described?

image

2 Likes

Those are commented out. What are the active rewrites (without the comment (#) marks).

2 Likes

This is the whole file

2 Likes

We need the configuration file with your port 80.

2 Likes

Is this what you mean?

image

2 Likes

Yep. :slightly_smiling_face:

Replace the last three Rewrite lines with:

RewriteCond %{HTTP_HOST} ^365gunfit.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.365gunfit.com [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [END,NE,R=301]

1 Like

What is the point of comparing names in a vhost that only matches those same two names?
Those last four lines function as:

RewriteEngine on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [END,NE,R=301]

Do you see the:

Servername 365gunfit.com
ServerAlias www.365gunfit.com

No other name will fit that gun (pun intended) !

2 Likes

Damn. Hive mind. :exploding_head:

There's still another redirect somewhere though from https non-www to https www.

@rg305

Isn't this also the default (catchall) vHost though?

I think it was from using %{SERVER_NAME} instead of %{HTTP_HOST} that the extra redirect came (http-www to https-non-www) because the SERVER_NAME is always 365gunfit.com even when www.365gunfit.com is requested.

2 Likes

Dear @griffin and @rg305

Thank you for your nice returns

But I am such a newbie guy when it comes to all sort of tech stuff :slight_smile:

Let me briefly summarize what I got on my side

I have CNAME configured with "www" version on Digitalocean hosting.
On my WordPress dashboard, my website and site addresses are both set to https://www.365gunfit.com

and ssl is installed, and it asked me if I want to redirect all traffic and I chose the 2nd one.

From now on we have only one issue left which is redundant redirection.

3 Likes

Even if it were, you want everything to go to HTTPS.

2 Likes

curl -Iki http://365gunfit.com
HTTP/1.1 301 Moved Permanently
Location: https://365gunfit.com/

curl -Iki http://www.365gunfit.com
HTTP/1.1 301 Moved Permanently
Location: https://365gunfit.com/   <<< this redirect should include the "www"

curl -Iki https://365gunfit.com
HTTP/1.1 301 Moved Permanently
X-Redirect-By: WordPress
Location: https://www.365gunfit.com/

curl -Iki https://www.365gunfit.com
HTTP/1.1 200 OK

2 Likes
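The four responses quoted in the post above can be walked hop by hop to show the full chain for each starting URL; this is an added example, not part of the original thread. The function names are hypothetical, `recorded_location` is a constructed replay of the quoted headers so the example runs offline, and absolute `Location` values are assumed.

```shell
#!/bin/sh
# Added example (not from the thread): follow Location headers one hop at a
# time and print the chain, so an indirect HTTP -> HTTPS redirect stands out.

# Live resolver: Location header of a HEAD request (empty when not a redirect).
live_location() {
    curl -sI "$1" | tr -d '\r' |
        awk 'tolower($1) == "location:" { print $2; exit }'
}

# Constructed resolver replaying the responses quoted in the thread.
recorded_location() {
    case "${1%/}" in
        http://365gunfit.com)      echo "https://365gunfit.com/" ;;
        http://www.365gunfit.com)  echo "https://365gunfit.com/" ;;
        https://365gunfit.com)     echo "https://www.365gunfit.com/" ;;
        *)                         : ;;   # 200 OK, no Location header
    esac
}

# redirect_chain RESOLVER URL -> prints "<hops> <url> -> <url> ..."
redirect_chain() {
    resolver=$1 url=$2 chain=$2 hops=0
    while [ "$hops" -lt 10 ]; do            # guard against redirect loops
        next=$("$resolver" "$url")
        [ -n "$next" ] || break
        hops=$((hops + 1))
        chain="$chain -> $next"
        url=$next
    done
    echo "$hops $chain"
}

for start in http://365gunfit.com http://www.365gunfit.com; do
    redirect_chain recorded_location "$start"
done
```

Passing `live_location` instead of `recorded_location` runs the same walk against a server; after the rewrite change discussed in the thread, the `http://www` start should reach `https://www` in one hop.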

Wish I could understand what to do :slight_smile:

2 Likes