nginx cannot load certificate fullchain.pem – Certbot Fix

The error nginx cannot load certificate path/fullchain.pem appears when we test the NGINX service after deleting certificates Let’s Encrypt generated with Certbot.

In the server, the error appears like this:

nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/example.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/example.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

Background nginx error

In a previous article I showed how you can delete from Certbot the domains that were hosted on the server in the past but which are currently no longer active. Delete old domains Certbot certificates (Let's Encrypt Certificate).

When you delete certificates SSL for active domains, which are still hosted on the server, by command: sudo certbot delete, the certificate is deleted automatically, but it remains active in sessions until restartservice area nginx. With the nginx -t command (testing the service) you may be surprised that the test fails with the above error. However, the solution is very simple.

nginx cannot load certificate
nginx cannot load certificate

Fixed nginx: [emerg] cannot load certificate fullchain.pem

When you install a certificate SSL Let’s Encrypt by Certbot, in the configuration file of nginx for the domain, a few lines are added indicating the existence of the certificate. When the certificate is deleted, the lines remain in nginx config and must be deleted manually. That is, the lines below:

.....    

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name example.com www.example.com;
    listen 80;
    return 404; # managed by Certbot

After deleting these lines from the nginx confg file of the domain for which you removed the certificate SSL, execute the command nginx -t to check if everything is ok.

[root@server]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@server]# 

Now you can restartthe service is safe nginx.

how to » Web Hosting » nginx cannot load certificate fullchain.pem – Certbot Fix

Passionate about technology, I like to test and write tutorials about operating systems macOS, Linux, Windows, about WordPress, WooCommerce and configure LEMP web servers (Linux, NGINX, MySQL and PHP). I write on StealthSettings.com since 2006, and a few years later I started writing on iHowTo.Tips tutorials and news about devices in the ecosystem Apple: iPhone, iPad, Apple Watch, HomePod, iMac, MacBook, AirPods and accessories.

Leave a Comment