Hi, I am having some issues with Certbot SSL certificates on a Debian VPS, I was wondering if someone could help me please.
First, I installed XMPP with Certbot using “webroot” since there was no actual webserver or page. This worked perfectly fine with no issues.
Then I’m trying to run Peertube on Nginx, but it says it can’t load and find the cert files, even though they are in the correct folder. I tried renewing the certbot files, but it didn’t help.
How do I transition these webroot cert files to Nginx cert files?
Hi,
Are you sure nginx user has right permissions to read cert files?
The root user can get in that letsencrypt folder, but the peertube user can’t. Is this the problem?
ls -l
lrwxrwxrwx 1 root root 44 May 21 05:43 cert.pem -> ../../archive/domainexample.com/cert2.pem
lrwxrwxrwx 1 root root 45 May 21 05:43 chain.pem -> ../../archive/domainexample.com/chain2.pem
lrwxrwxrwx 1 root root 49 May 21 05:43 fullchain.pem -> ../../archive/domainexample.com/fullchain2.pem
lrwxrwxrwx 1 root root 47 May 21 05:43 privkey.pem -> ../../archive/domainexample.com/privkey2.pem
I should do this?
chmod 7 [each one of the file names]
or do it to the folder?
Can you look at permissions on sources files, not links files?
1 « J'aime »
Where do I find the source files? I’m so sorry, I am not experienced. I only see one link command but it’s not the lets encrypt
In the letsencrypt folder, take a look at:
ls -l ../../archive/domainexample.com/
Peertube user must have read permission on cert files.
www-data user, not peertube user (nginx runs with www-data, and it is nginx that handles certificates.
Don’t do that, it could lead to serious security issues. Don’t change file and folders permissions.
What is the exact error message?
What’s in your nginx configuration file?
Yes, you’re right, I answered too fast, thanks 
May 21 04:28:24 exampledomain systemd[1]: Started A high performance web server and a reverse proxy server.
May 21 05:39:44 exampledomain systemd[1]: Reloading A high performance web server and a reverse proxy server.
May 21 05:39:44 exampledomain nginx[58108]: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/[exampledomain.to]/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/[exampledomain.to]/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
May 21 05:39:44 exampledomain systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
May 21 05:39:44 exampledomain systemd[1]: Reload failed for A high performance web server and a reverse proxy server.
May 21 05:43:04 exampledomain systemd[1]: Stopping A high performance web server and a reverse proxy server...
May 21 05:43:04 exampledomain systemd[1]: nginx.service: Succeeded.
May 21 05:43:04 exampledomain systemd[1]: Stopped A high performance web server and a reverse proxy server.
May 21 05:43:48 exampledomain systemd[1]: Starting A high performance web server and a reverse proxy server...
May 21 05:43:48 exampledomain nginx[58174]: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/[exampledomain.to]/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/[exampledomain.to]/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
May 21 05:43:48 exampledomain nginx[58174]: nginx: configuration file /etc/nginx/nginx.conf test failed
May 21 05:43:48 exampledomain systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
May 21 05:43:48 exampledomain systemd[1]: nginx.service: Failed with result 'exit-code'.
May 21 05:43:48 exampledomain systemd[1]: Failed to start A high performance web server and a reverse proxy server.
May 21 05:43:48 exampledomain systemd[1]: nginx.service: Unit cannot be reloaded because it is inactive.
May 21 05:44:38 exampledomain systemd[1]: Starting A high performance web server and a reverse proxy server...
May 21 05:44:38 exampledomain nginx[58201]: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/[exampledomain.to]/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/[exampledomain.to]/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
May 21 05:44:38 exampledomain nginx[58201]: nginx: configuration file /etc/nginx/nginx.conf test failed
May 21 05:44:38 exampledomain systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
May 21 05:44:38 exampledomain systemd[1]: nginx.service: Failed with result 'exit-code'.
May 21 05:44:38 exampledomain systemd[1]: Failed to start A high performance web server and a reverse proxy server.
May 21 05:50:58 exampledomain systemd[1]: Starting A high performance web server and a reverse proxy server...
May 21 05:50:58 exampledomain nginx[58289]: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/exampledomain.to/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/exampledomain.to/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
May 21 05:50:58 exampledomain nginx[58289]: nginx: configuration file /etc/nginx/nginx.conf test failed
May 21 05:50:58 exampledomain systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
May 21 05:50:58 exampledomain systemd[1]: nginx.service: Failed with result 'exit-code'.
May 21 05:50:58 exampledomain systemd[1]: Failed to start A high performance web server and a reverse proxy server.
May 21 05:51:58 exampledomain systemd[1]: Starting A high performance web server and a reverse proxy server...
May 21 05:51:58 exampledomain nginx[58304]: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/exampledomain.to/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/exampledomain.to/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
May 21 05:51:58 exampledomain nginx[58304]: nginx: configuration file /etc/nginx/nginx.conf test failed
May 21 05:51:58 exampledomain systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
May 21 05:51:58 exampledomain systemd[1]: nginx.service: Failed with result 'exit-code'.
May 21 05:51:58 exampledomain systemd[1]: Failed to start A high performance web server and a reverse proxy server.
May 24 01:46:13 exampledomain systemd[1]: Starting A high performance web server and a reverse proxy server...
May 24 01:46:13 exampledomain nginx[113680]: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/exampledomain.to/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/exampledomain.to/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
May 24 01:46:13 exampledomain nginx[113680]: nginx: configuration file /etc/nginx/nginx.conf test failed
May 24 01:46:13 exampledomain systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
May 24 01:46:13 exampledomain systemd[1]: nginx.service: Failed with result 'exit-code'.
May 24 01:46:13 exampledomain systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Certificates at this folder don’t exist. Find your certificates and fix your nginx config. Take care about permissions for www-data user.