nginx cannot load certificate fullchain.pem – Certbot Fix

Eroarea nginx cannot load certificate path/fullchain.pem apare cand testam serviciul NGINX dupa ce stergem certificate Let’s Encrypt generate cu Certbot.

In server eroarea apare de genul:

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/example.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/example.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Background eroare nginx

Intr-un articol precedent am aratat cum poti sterge din Certbot domeniile care au fost gazduite in trecut pe server dar care in prezent nu mai sunt active. Delete old domains Certbot certificates (Let’s Encrypt Certificate).

Atunci cand stergi certificate SSL pentru domenii active, care mai sunt gazduite pe server, prin comanda: sudo certbot delete, certificatul este sters automat, insa el ramane activ in sesiuni pana la restartarea serviciului nginx. في أمر Ningin -T (اختبار الخدمة) ، يمكنك مفاجأة الاختبار للفشل مع الخطأ أعلاه. لكن الحل بسيط للغاية.

Fix nginx: [emerg] cannot load certificate fullchain.pem

عند تثبيت شهادة SSL Let’s Encrypt عن طريق الشجار ، في ملف التكوين من NGINX للمجال ، هناك بعض الخطوط التي تشير إلى وجود الشهادة. عند حذف الشهادة ، تبقى الخطوط في تكوين Ningin ويجب حذفها يدويًا. أعني الخطوط أدناه:

.....    

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name example.com www.example.com;
    listen 80;
    return 404; # managed by Certbot

بعد حذف هذه الخطوط من ملف Confg Ninx للحقل الذي قمت بإلغاء شهادة SSL ، قم بتنفيذ الطلب nginx -t للتحقق مما إذا كان كل شيء على ما يرام.

• Delete old domains Certbot certificates (Let’s Encrypt Certificate)
• كيفية تثبيت SSL معتمد يدويًا لموقع الويب بدون CPANEL / VESTACP [Ningx]
• Certificate TLS / SSL – O noua limita a duratei de valabilitate impusa din septembrie 2020
• WP Super Cache vs. W3 Total Cache (WordPress Page Load Speed)
• Cum mutam un blog sau un website WordPress de pe HTTP pe HTTPS (NGINX)

[root@server]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@server]# 

Acum puteti restarta in siguranta serviciul nginx.