error nginx cannot load certificate path/fullchain.pem appears when we test the NGINX service after we delete certified Let’s Encrypt generated with Certbot.
content
In the server the error appears like:
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/example.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/example.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Background eroare nginx
In a previous article I have shown how you can delete the fields that have been hosted in the server but which are no longer active in the past. Delete old domains Certbot certificates (Let’s Encrypt Certificate).
When you delete SSL certificates for active fields, which are still hosted on the server, by order: sudo certbot delete
, the certificate is erased automatically, but it remains active in sessions until the service restarts nginx
. At the Ningin -T command (service testing) you can surprise the test to fail with the above error. But the solution is very simple.

Fix nginx: [emerg] cannot load certificate fullchain.pem
When installing an SSL certificate Let’s Encrypt By quarrel, in the configuration file of the NGINX for the domain, there are some lines that indicate the existence of the certificate. When the certificate is deleted, the lines remain in Ningin Config and must be deleted manually. I mean the lines below:
.....
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com www.example.com;
listen 80;
return 404; # managed by Certbot
After deleting these lines from the Confg Ninx file of the field for which you have eliminated the SSL certificate, execute the order nginx -t
to check if everything is ok.
[root@server]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@server]#
Now you can safely restart the service nginx.