nginx cannot load certificate fullchain.pem – Certbot Fix

error nginx cannot load certificate path/fullchain.pem appears when we test the NGINX service after we delete certified Let’s Encrypt generated with Certbot.

In the server the error appears like:

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/example.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/example.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Background eroare nginx

In a previous article I have shown how you can delete the fields that have been hosted in the server but which are no longer active in the past. Delete old domains Certbot certificates (Let’s Encrypt Certificate).

When you delete SSL certificates for active fields, which are still hosted on the server, by order: sudo certbot delete, the certificate is erased automatically, but it remains active in sessions until the service restarts nginx. At the Ningin -T command (service testing) you can surprise the test to fail with the above error. But the solution is very simple.

Fix nginx: [emerg] cannot load certificate fullchain.pem

When installing an SSL certificate Let’s Encrypt By quarrel, in the configuration file of the NGINX for the domain, there are some lines that indicate the existence of the certificate. When the certificate is deleted, the lines remain in Ningin Config and must be deleted manually. I mean the lines below:

.....    

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name example.com www.example.com;
    listen 80;
    return 404; # managed by Certbot

After deleting these lines from the Confg Ninx file of the field for which you have eliminated the SSL certificate, execute the order nginx -t to check if everything is ok.

• Delete old domains Certbot certificates (Let’s Encrypt Certificate)
• How to install SSL certified manually for website without CPanel / Vestacp [ningx]
• Certificate TLS / SSL – A new limit of the validity duration imposed on September 2020
• WP Super Cache vs. W3 Total Cache (WordPress Page Load Speed)
• How to move a blog or WordPress website from http to https (NGINX)

[root@server]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@server]# 

Now you can safely restart the service nginx.