Nginx unable to find new certificate

alpinedockernginxssl-certificate

I use Nginx in a Docker container on Alpine. Used Certbot to generate a new certificate named my.domain.com-0004.

Replacing the certificate with either mv or cp resulted in an SSL protocol error and in logs Nginx was unable to see the file:

2024/04/22 08:41:34 [error] 46#46: *109 cannot load certificate "/etc/letsencrypt/live//fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live//fullchain.pem, r) error:10000080:BIO routines::no such file) while SSL handshaking, client: 34.32.209.4, server: 0.0.0.0:443

Replacing the previous certificate, everything started to work again. I've tried restarting the container without success.

Best Answer

If you look at your error message, you'll see "/etc/letsencrypt/live//fullchain.pem" as the name of the file it's trying to load. Your certificate is at /etc/letsencrypt/live/$ssl_server_name/fullchain.pem according to your cert.conf file. Seems fairly obvious to me that the variable $ssl_server_name has not been set and so is returning an empty string... and so it can't find your certificate because there isn't one where it's looking.

Related Solutions

Nginx Startup Fails – SSL No Such File or Directory

Are you sure that the Nginx user has access to the directory?

Also check the permissions of the .pem file, if Nginx cannot access it, it can show as 'no such file or directory'.

If the permissions are right, you might check the actual path again. How you pasted it (which I know you removed the dir) there is no beginning / which could be the problem.

EDIT

Try moving your SSL setup into the following structure (as well as change the nginx.conf to reflect):

sudo mkdir /etc/nginx/ssl
sudo chown -R root:root /etc/nginx/ssl
sudo chmod -R 600 /etc/nginx/ssl

Nginx could be failing on your .pem because the permissions are too open (need source to verify that Nginx does this) but the above setup should work fine.

Nginx – HTTPS does not work on Docker-Nginx

I think it was probably working the first time but you forgot -p 443:443 from the docker command line.

After you made changes, you copied to certificates to the wrong path.

It's expecting a cert file at: /etc/ssl/certificates.pem and you're copying them to: /etc/nginx/ssl

So try changing the docker file back to what you had initially and run it with -p 443:443.

Another way to run this is interactively for testing purposes.

docker run --net=host -ti yourcontainername /bin/bash

That'll create a shell in the container. You can double check the configs by checking the paths and cat'ing the config files.

Then run it up interactively with nginx -g "daemon off" Check it works, if all good then make required changes and run again.

Best Answer

Related Solutions

Nginx Startup Fails – SSL No Such File or Directory

Nginx – HTTPS does not work on Docker-Nginx

Related Topic