Nginx: [emerg] cannot load certificate

limjinkwang · 2024-11-20T09:10:55.843Z

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: jiyeon.kr

I ran this command: ddev restart

It produced this output:
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/live/jiyeon.kr/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/live/jiyeon.kr/fullchain.pem, r) error:10000080:BIO routines::no such file)

My web server is (include version): nginx/1.27.2

The operating system my web server runs on is (include version):
macOS Monterey 12.7.5

My hosting provider, if applicable, is:
cafe24

I can login to a root shell on my machine (yes or no, or I don't know):
yes?

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 3.0.1

limjinkwang · 2024-11-20T09:27:49.977Z

i'd like to thanks to reply this article in advance.

here is more information about path and authority.

sudo certbot certificates

Found the following certs:
Certificate Name: jiyeon.kr
Serial Number: 413124c217ed30822efbb52773890bad3bf
Key Type: ECDSA
Domains: jiyeon.kr
Expiry Date: 2025-02-17 10:58:17+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/jiyeon.kr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/jiyeon.kr/privkey.pem

ls -l /etc/letsencrypt/live/jiyeon.kr
total 8
-rwxr-xr-x 1 root _www 692 11 16 05:15 README
lrwxr-xr-x 1 root _www 33 11 19 20:56 cert.pem -> ../../archive/jiyeon.kr/cert7.pem
lrwxr-xr-x 1 root _www 34 11 19 20:56 chain.pem -> ../../archive/jiyeon.kr/chain7.pem
lrwxr-xr-x 1 root _www 38 11 19 20:56 fullchain.pem -> ../../archive/jiyeon.kr/fullchain7.pem
lrwxr-xr-x 1 root _www 36 11 19 20:56 privkey.pem -> ../../archive/jiyeon.kr/privkey7.pem

ls -l /Users/imjingwang/site/jiyeon-dot-kr/.ddev/data/certbot/conf/live/jiyeon.kr
total 0
lrwxr-xr-x 1 imjingwang staff 38 11 20 17:22 fullchain.pem -> ../../archive/jiyeon.kr/fullchain7.pem
lrwxr-xr-x 1 imjingwang staff 36 11 20 17:22 privkey.pem -> ../../archive/jiyeon.kr/privkey7.pem

imjingwang@imjingwang-ui-MacBookPro jiyeon.kr % ls -l /etc/letsencrypt/archive/jiyeon.kr
total 192
-rw-r--r-- 1 root staff 2823 11 19 20:56 fullchain7.pem
-rw-r--r-- 1 root staff 241 11 19 20:56 privkey7.pem

ls -l /Users/imjingwang/site/jiyeon-dot-kr/.ddev/data/certbot/conf/archive/jiyeon.kr
total 16
-rw------- 1 imjingwang staff 2823 11 20 17:22 fullchain7.pem
-rw------- 1 imjingwang staff 241 11 20 17:22 privkey7.pem
[/quote]

MikeMcQ · 2024-11-20T13:54:15.480Z

limjinkwang:

nginx: [emerg] cannot load certificate "/etc/nginx/ssl/live/jiyeon.kr/fullchain.pem"

limjinkwang:

Certificate Path: /etc/letsencrypt/live/jiyeon.kr/fullchain.pem

Did you copy the fullchain.pem from /etc/letsencrypt/... to /etc/nginx/ssl/... ?

Because normally your nginx config would refer to the files in /etc/letsencrypt/...

Osiris · 2024-11-20T17:05:31.665Z

limjinkwang:

/Users/imjingwang/site/jiyeon-dot-kr/.ddev/data/certbot/conf

Where does this path suddenly come from? Did you copy around the files for some reason? If so, why? We now already have three paths with certificates.. The original one in /etc/letsencrypt/, the one in /etc/nginx/ssl/ and also one in /Users/...etc../.. As Mike already said, that doesn't make much sense.. Why not simply use the files in /etc/letsencrypt/ indeed?

limjinkwang · 2024-11-22T08:13:15.216Z

/Users/imjingwang/site/jiyeon-dot-kr/.ddev/data/certbot/conf

I expected that situations would get better what if all the certificate files are located in container of DDEV.

Now I learned that you guys advised the path nginx usually accept as default.

even I relocated the path as you mentioned,

/Users/imjingwang/site/jiyeon-dot-kr/.ddev/nginx_full/jiyeon-dot-kr.conf
ssl_certificate /etc/nginx/ssl/live/jiyeon.kr/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/jiyeon.kr/privkey.pem;

i got almost same message.

iTerm2
nginx: [emerg] cannot load certificate "/etc/nginx/ssl/live/jiyeon.kr/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/ssl/live/jiyeon.kr/fullchain.pem, r) error:10000080:BIO routines::no such file)

MikeMcQ · 2024-11-22T15:52:01.754Z

limjinkwang:

even I relocated the path as you mentioned,
...
ssl_certificate /etc/nginx/ssl/live/jiyeon.kr/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/jiyeon.kr/privkey.pem;

No, we suggested those lines could use the Certbot directory:

ssl_certificate     /etc/letsencrypt/live/jiyeon.kr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jiyeon.kr/privkey.pem;

Or, copy the files from the Certbot directory to where your nginx config defines them. The error is from nginx saying it can't find or access the file you specified in the ssl_certificate definition.

Also, if you have containers you need to review your volume sharing. Make sure the Certbot directories are properly shared with the nginx container. You should consult support at a forum for your type of container.