Friday, January 19, 2018

apache 2.4 - Let's Encrypt SSL Certificate File Not Found Error, but still working



I'm running SSL Certificates from Let's Encrypt. I've got them installed on my Ubuntu machine running Apache. The setup works fine and I can launch the website, see the green padlock and even got an A+ on SSL Labs.



The problem is that when I do apachectl configtest the server would return a file not found error:



SSLCertificateFile: file '/etc/letsencrypt/live/www.example.com/fullchain.pem' does not exist or is empty.



But sudo service apache2 restart works just fine.



I got this question running at Let's Encrypt Community but the issue hasn't been resolved yet.



sudo cat /etc/letsencrypt/live/www.example.com/fullchain.pem works, returns valid certificate details.



sudo openssl x509 -text -noout -in /etc/letsencrypt/live/www.example.com/fullchain.pem


does not work and returns the error below:




Error opening Certificate /etc/letsencrypt/live/www.example.com/fullchain.pem
139774254929568:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/letsencrypt/live/www.example.com/fullchain.pem.','r')
139774254929568:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate


Any ideas on why I'm getting errors on apachectl configtest and openssl?



Thanks guys!



Answer



After several sleepless nights, I finally got it to work. (overkill statement) We all know it was permissions, but exactly where was something to check.



I kept on working with /etc/letsencrypt/live and the directories and files under that. I kept changing permissions from the original to 0755 and 0777. What I did not immediately see was that /etc/letsencrypt/live was a link created from /etc/letsencrypt/archive and it had a 0700 permission. That's why it wasn't able to read the file. After changing the permission of /etc/letsencrypt/archive to 0755, apachectl configtest already responded with Syntax OK.



Although the original issue was resolved, I will refer this back to Let's Encrypt because this was all Auto Installation of Certificates. Something like this should not happen in "auto". But my setup might have something to do with the permission issue since I installed it using a non-root user (but I did sudo).



Hope this helps someone.
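The check a practitioner would want after this answer, added here as an example and not part of the original post: resolve the symlink under /etc/letsencrypt/live, print mode and owner of every component of the real path, and report the first component the current user cannot traverse or read. Run it as the same user that runs apachectl configtest, since root passes every permission test. It assumes a Linux system with GNU or BusyBox readlink -f and stat -c; the script name check_cert_path.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): walk every component of a
# certificate path after resolving symlinks, so a 0700 directory hidden
# behind /etc/letsencrypt/live stands out. Assumes readlink -f and stat -c
# (GNU coreutils or BusyBox); paths are expected to contain no whitespace.

# Print the real (symlink-resolved, absolute) path of a file.
resolve_cert_path() {
    readlink -f -- "$1"
}

# Print each cumulative prefix of an absolute path, one per line:
# /etc, /etc/letsencrypt, /etc/letsencrypt/archive, ...
path_prefixes() {
    rest=${1#/}
    dir=""
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        dir="$dir/$part"
        printf '%s\n' "$dir"
    done
}

# Print "mode owner path" for every component of the resolved path.
walk_cert_path() {
    target=$(resolve_cert_path "$1") || return 1
    for dir in $(path_prefixes "$target"); do
        printf '%s %s %s\n' "$(stat -c %a "$dir")" "$(stat -c %U "$dir")" "$dir"
    done
}

# Print the first component the *current* user cannot use: a directory
# without the x (search) bit, or the final file without the r bit.
# Prints nothing when the whole path is usable.
first_blocked_component() {
    target=$(resolve_cert_path "$1") || return 1
    for dir in $(path_prefixes "$target"); do
        if [ -d "$dir" ]; then
            [ -x "$dir" ] || { printf '%s\n' "$dir"; return 0; }
        else
            [ -r "$dir" ] || { printf '%s\n' "$dir"; return 0; }
        fi
    done
}

# Usage (hypothetical script name):
#   sh check_cert_path.sh /etc/letsencrypt/live/www.example.com/fullchain.pem
if [ -n "${1:-}" ]; then
    walk_cert_path "$1"
    blocked=$(first_blocked_component "$1")
    if [ -n "$blocked" ]; then
        echo "blocked at: $blocked (as user $(id -un))"
    else
        echo "every component is usable by $(id -un)"
    fi
fi
```

The same listing is available as `namei -l <path>` from util-linux. A 0700 /etc/letsencrypt/archive only blocks an unprivileged configtest; `sudo apachectl configtest` reads the files as root, exactly as the service restart does, without widening access to the directory that holds the private keys.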

