Eroarea nginx cannot load certificate path/fullchain.pem apare cand testam serviciul NGINX dupa ce stergem certificate Let’s Encrypt generate cu Certbot.
In server eroarea apare de genul:
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/example.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/example.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Cuprins
Background eroare nginx
Intr-un articol precedent am aratat cum poti sterge din Certbot domeniile care au fost gazduite in trecut pe server dar care in prezent nu mai sunt active. Delete old domains Certbot certificates (Let’s Encrypt Certificate).
Atunci cand stergi certificate SSL pentru domenii active, care mai sunt gazduite pe server, prin comanda: sudo certbot delete
, certificatul este sters automat, insa el ramane activ in sesiuni pana la restartarea serviciului nginx
. La comanda nginx -t (testarea serviciului) poti avea surpiza ca testul sa esueze cu eroarea de mai sus. Rezolvarea este insa foarte simpla.
Fix nginx: [emerg] cannot load certificate fullchain.pem
Atunci cand instalezi un certificat SSL Let’s Encrypt prin Certbot, in fisierul de configurare al nginx pentru domeniu, se adauga cateva linii care indica existenta certificatului. Atunci cand certificatul este sters, liniile raman in nginx config si trebuie sterse manual. Adica liniile de mai jos:
.....
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com www.example.com;
listen 80;
return 404; # managed by Certbot
Dupa ce stergeti aceste linii din fisierul confg nginx al domeniului pentru care ati eliminat certificatul SSL, executati comanda nginx -t
pentru a verifica daca totul este ok.
[root@server]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@server]#
Acum puteti restarta in siguranta serviciul nginx.