SSLCertificateKeyFile: file '/etc/letsencrypt/keys/0000_key-certbot.pem' does not exist or is empty

jmathew · December 30, 2019, 1:38pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: rrm.altogethr.com

I ran this command: apachectl -D DUMP_VHOSTS

It produced this output: AH00526: Syntax error on line 42 of /etc/apache2/sites-enabled/default-ssl.conf:

SSLCertificateKeyFile: file ‘/etc/letsencrypt/keys/0000_key-certbot.pem’ does not exist or is empty

Action ‘-D DUMP_VHOSTS’ failed.

My web server is (include version): Server version: Apache/2.4.18 (Ubuntu)
Server built: 2019-09-16T13:13:53

The operating system my web server runs on is (include version): Ubuntu 16.04.6 LTS

My hosting provider, if applicable, is: Amazon

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.27.0

orangepizza · December 30, 2019, 1:48pm

firstly with obvious. did you check if that file is exist?
and if you don’t have permission sometimes it says that file is not exsit- because it can’t read

jmathew · December 30, 2019, 3:06pm

Yup. File exists:

$ sudo ls -l /etc/letsencrypt/keys

-rwxr-xr-x 1 root root 1704 Dec 30 00:34 0000_key-certbot.pem

mnordhoff · December 30, 2019, 8:49pm

Did you run apachectl as root?

FWIW, /etc/letsencrypt/keys/ basically contains internal files. Software is intended to be configured to use /etc/letsencrypt/live/ for things.

jmathew · December 30, 2019, 9:10pm

I was executing the following:
sudo /etc/init.d/apache2 restart

And my installation does not contain a “live” subdirectory under /etc/letsencrypt

mnordhoff · December 30, 2019, 9:15pm

The Apache error doesn’t make much sense, then.

(Could some kind of AppArmor or systemd rules be blocking it?)

Do you have any Let’s Encrypt certificates on that instance?

jmathew · December 30, 2019, 9:18pm

I verified Let’s encrypt certificates by executing the following:

https://crt.sh/?q=rrm.altogethr.com

mnordhoff · December 30, 2019, 9:21pm

But the most recent certificate was issued almost 2 months ago.

The fact that you have a “0000_key-certbot.pem” file created today suggests that it might be a new installation.

(FYI, crt.sh currently doesn’t display any certificates issued since November 24, I checked another site too.)

jmathew · December 30, 2019, 9:31pm

I just executed sudo certbot --apache to retrieve another certificate and get the following:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

Which names would you like to activate HTTPS for?

1: rrm.altogethr.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for rrm.altogethr.com

Error while running apache2ctl graceful.

httpd not running, trying to start

Action 'graceful' failed.

The Apache error log may have more information.

Unable to restart apache using ['apache2ctl', 'graceful']

Cleaning up challenges

Error while running apache2ctl graceful.

httpd not running, trying to start

Action 'graceful' failed.

The Apache error log may have more information.

Unable to restart apache using ['apache2ctl', 'graceful']

Encountered exception during recovery: 

Traceback (most recent call last):

File "/usr/lib/python2.7/dist-packages/certbot/error_handler.py", line 108, in _call_registered

self.funcs[-1]()

File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 310, in _cleanup_challenges

self.auth.cleanup(achalls)

File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 2132, in cleanup

self.restart()

File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1995, in restart

self._reload()

File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 2023, in _reload

raise errors.MisconfigurationError(error)

MisconfigurationError: Error while running apache2ctl graceful.

httpd not running, trying to start

Action 'graceful' failed.

The Apache error log may have more information.

Error while running apache2ctl graceful.

httpd not running, trying to start

Action 'graceful' failed.

The Apache error log may have more information.

system · January 29, 2020, 9:31pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SSLCertificateFile: file doesnt exist or is empty Help	34	16093	December 20, 2020
SSLCertificateFile: file '/private/etc/apache2/server.crt' does not exist or is empty Help	33	22259	April 19, 2019
SSLCertificateKeyFile: file '/etc/letsencrypt/live/glm-upport.fr/privkey.pem' does not exist or is empty Help	3	24	January 17, 2025
Could not open configuration file /etc/letsencrypt/options-ssl-apache.conf: No such file or directory Help	47	16386	August 23, 2020
SSLCertificateFile: file '/etc/letsencrypt/live/example.com/cert.pem' does not exist or is empty Help	8	9738	January 5, 2017

SSLCertificateKeyFile: file '/etc/letsencrypt/keys/0000_key-certbot.pem' does not exist or is empty

Related topics