nginx cannot load certificate fullchain.pem – Certbot Fix

The error nginx cannot load certificate path/fullchain.pem appears when we test the NGINX service after deleting certificates Let’s Encrypt generated with Certbot.

In the server, the error appears like this:

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Background nginx error

In a previous article I showed how you can delete from Certbot the domains that were hosted on the server in the past but which are currently no longer active. Delete old domains Certbot certificates (Let's Encrypt Certificate).

When you delete certificates SSL for active domains, which are still hosted on the server, by command: sudo certbot delete, the certificate is deleted automatically, but it remains active in sessions until the service is restarted nginx. With the nginx -t command (testing the service) you may be surprised that the test fails with the above error. However, the solution is very simple.

nginx cannot load certificate
nginx cannot load certificate

Fixed nginx: [emerg] cannot load certificate fullchain.pem

When you install a certificate SSL Let’s Encrypt by Certbot, in the configuration file of nginx for the domain, a few lines are added indicating the existence of the certificate. When the certificate is deleted, the lines remain in nginx config and must be deleted manually. That is, the lines below:


    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

server {
    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    return 404; # managed by Certbot

After deleting these lines from the nginx confg file of the domain for which you removed the certificate SSL, execute the command nginx -t to check if everything is ok.

[root@server]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now you can safely restart the service nginx.

Passionate about technology, I enjoy writing on since 2006. I have a rich experience in operating systems: macOS, Windows, and Linux, as well as in programming languages and blogging platforms (WordPress) and for online stores (WooCommerce, Magento, PrestaShop).

How to » Web Hosting » nginx cannot load certificate fullchain.pem – Certbot Fix
Leave a Comment