I'm running SSL Certificates from Let's Encrypt. I've got them installed on my Ubuntu machine running Apache. The setup works fine and I can launch the website, see the green padlock and even got an A+ on SSL Labs.
The problem is that when I do apachectl configtest the server would return a file not found error:
SSLCertificateFile: file '/etc/letsencrypt/live/www.example.com/fullchain.pem' not exist or is empty.
But sudo service apache2 restart
works just fine.
I got this question running at Let's Encrypt Community but the issue hasn't been resolved yet.
sudo cat /etc/letsencrypt/live/www.example.com/fullchain.pem
works, returns valid certificate details.
sudo x509 -text -noout -in /etc/letsencrypt/live/www.example.com/fullchain.pem
does not work and returns the error below:
Error opening Certificate /etc/letsencrypt/live/www.example.com/fullchain.pem
139774254929568:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/letsencrypt/live/www.example.com/fullchain.pem.','r')
139774254929568:error:2007402:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
ubable to load certificate
Any ideas on why I'm getting errors on apachectl configtest and openssl?
Thanks guys!
Best Answer
In my case the files and permissions where not the issue. I was trying to restart the server with
apachectl restart
or test the config (apachectl -t
orapachectl configtest
). The user running the command (me) simply didn't have the proper permissions to access the certificates. I just had to prefix the commands withsudo
to run them as root! No more errors, the config test returns "Syntax OK" and I can restart the server. (OK I'm a bit embarrassed it took me so long to figure that one out...)