The error nginx: cannot load certificate path/fullchain.pem appears when you test the nginx service after deleting a Let's Encrypt certificate generated by Certbot.
On the server, the error looks like this:
nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/example.com/fullchain.pem": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/letsencrypt/live/example.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Background of the nginx error
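In the previous article, I showed how to remove from Certbot the domains that were once hosted on the server but are no longer active: Delete old domains' Certbot certificates (Let's Encrypt certificates).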
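When you delete the SSL certificate of an active domain that is still hosted on the server with the command sudo certbot delete, the certificate is removed automatically, but it remains active in the session until the nginx service is restarted. When you run nginx -t (to test the service), you may be surprised to find that the test fails with the error above. The solution, however, is very simple.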
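Fixing nginx: [emerg] cannot load certificate fullchain.pem
When Certbot installs a Let's Encrypt SSL certificate, it adds a few lines to the domain's nginx configuration file that point to the certificate. After the certificate is deleted, these lines remain in the nginx configuration and must be removed manually. Namely, the following lines: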
.....
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name example.com www.example.com;
    listen 80;
    return 404; # managed by Certbot
}
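After removing these lines from the nginx configuration file of the domain whose SSL certificate you deleted, run nginx -t to check that everything is in order.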
[root@server]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@server]#
You can now safely restart the nginx service.
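A check that finds the leftover lines before nginx -t fails, as an added example that is not part of the original article: it scans a configuration directory for ssl_certificate and ssl_certificate_key directives whose file no longer exists. The function names find_dangling_certs and make_sample, the kept.example domain and the sample configuration are constructed for illustration; paths are checked as written, so relative paths and nginx variables are not resolved.

```sh
# Added example: print "conf:line: path" for each ssl_certificate(_key)
# directive whose file is missing; return 1 if any was found.
find_dangling_certs() {
    conf_dir=$1
    missing=0
    # grep emits "file:line:text"; the ^ anchor skips commented-out directives.
    hits=$(grep -rHnE '^[[:space:]]*ssl_certificate(_key)?[[:space:]]' "$conf_dir" || true)
    while IFS= read -r hit; do
        [ -n "$hit" ] || continue
        file=${hit%%:*}; rest=${hit#*:}
        line=${rest%%:*}; text=${rest#*:}
        path=$(printf '%s\n' "$text" |
            sed -E 's/^[[:space:]]*ssl_certificate(_key)?[[:space:]]+([^;[:space:]]+).*/\2/')
        case $path in *'$'*) continue ;; esac   # nginx variable: not checkable statically
        if [ ! -e "$path" ]; then
            printf '%s:%s: %s\n' "$file" "$line" "$path"
            missing=1
        fi
    done <<EOF
$hits
EOF
    return "$missing"
}

# Constructed sample: kept.example still has its files; the files for
# example.com are absent, as they would be after "certbot delete".
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/live/kept.example"
    touch "$d/live/kept.example/fullchain.pem" "$d/live/kept.example/privkey.pem"
    cat > "$d/conf/sites.conf" <<EOF
server {
    server_name kept.example;
    ssl_certificate $d/live/kept.example/fullchain.pem; # managed by Certbot
    ssl_certificate_key $d/live/kept.example/privkey.pem; # managed by Certbot
}
server {
    server_name example.com;
    ssl_certificate $d/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key $d/live/example.com/privkey.pem; # managed by Certbot
}
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample)
find_dangling_certs "$sample/conf" || echo "stale certificate references found"
rm -rf "$sample"
```

On a real server the argument would be the nginx configuration directory, and a non-zero return means nginx -t will fail until the listed lines are removed or the certificate is reissued.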