Topic: Help! messed up my SSL and nginx won't start
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I'm running (was) nginx. My letsencrypt certificate was expiring and one of the domains needed to be dropped (friend no longer kept the domain and I had it in my certificate).
So, I copied a backup of the letsencrypt directory and created a new ssl without the domains - no problem.
I can't get nginx to load. I killed my symlinks and recreated them, and I have problems.
This is the error I get:
[root@mail ssl]# systemctl status nginx.service -l
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2022-09-09 10:55:35 EDT; 1min 31s ago
Process: 19874 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 19872 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Sep 09 10:55:35 mail.lifeassetsllc.com systemd[1]: Starting The nginx HTTP and reverse proxy server...
Sep 09 10:55:35 mail.lifeassetsllc.com nginx[19874]: nginx: [emerg] cannot load certificate key "/etc/pki/tls/private/iRedMail.key": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/pki/tls/private/iRedMail.key','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Sep 09 10:55:35 mail.lifeassetsllc.com nginx[19874]: nginx: configuration file /etc/nginx/nginx.conf test failed
Sep 09 10:55:35 mail.lifeassetsllc.com systemd[1]: nginx.service: control process exited, code=exited status=1
Sep 09 10:55:35 mail.lifeassetsllc.com systemd[1]: Failed to start The nginx HTTP and reverse proxy server.
Sep 09 10:55:35 mail.lifeassetsllc.com systemd[1]: Unit nginx.service entered failed state.
Sep 09 10:55:35 mail.lifeassetsllc.com systemd[1]: nginx.service failed.
[root@mail ssl]#
There was no file for /etc/ssl/private/iRedMail.key, so I created the directory and copied the privkey.pem file there from letsencrypt.
I have recreated the certificates with the dropped domains:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mail.lifeassetsllc.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mail.lifeassetsllc.com/privkey.pem
Your cert will expire on 2022-12-08. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
So, I have a new certificate, but frankly I'm stumped and my server is down (I only use webmail) until I fix it.
How do I relink my new certificate into nginx so that it will start correctly?
Help, I'm lost!!!!
Andrew
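The nginx error in the post names /etc/pki/tls/private/iRedMail.key, while the post describes creating /etc/ssl/private/iRedMail.key, so the first thing to verify is the exact path nginx loads. The shell function below is an added example, not part of the original post or of iRedMail's tooling; the function name, its return codes and the certificate path argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the key/cert pair a web server is configured to load.
# Return codes (chosen for this example): 0 usable, 2 key path missing or
# dangling symlink, 3 certificate missing/unreadable, 4 key/cert mismatch.

check_tls_pair() {
    cert_path=$1
    key_path=$2

    # -e follows symlinks, so a link whose target was deleted fails here.
    if [ ! -e "$key_path" ]; then
        if [ -L "$key_path" ]; then
            echo "dangling symlink: $key_path -> $(readlink "$key_path")" >&2
        else
            echo "no such file: $key_path" >&2
        fi
        return 2
    fi
    if [ ! -e "$cert_path" ]; then
        echo "no such file: $cert_path" >&2
        return 3
    fi

    # Public key of the leaf certificate (the first one in a fullchain.pem)
    # must equal the public key derived from the private key.
    cert_pub=$(openssl x509 -in "$cert_path" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key_path" -pubout 2>/dev/null) || return 4
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 4
    fi

    # Warn (without failing) if the key is readable by group or other.
    if [ -n "$(find -L "$key_path" \( -perm -040 -o -perm -004 \))" ]; then
        echo "warning: $key_path is readable by group or other" >&2
    fi
    return 0
}

# Stand-alone use: sh check_tls_pair.sh <certificate> <private key>
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

On the server in the post, the key argument would be the path from the nginx error, and the certificate argument whatever path the nginx configuration names for `ssl_certificate`. Pointing the configured key path at /etc/letsencrypt/live/mail.lifeassetsllc.com/privkey.pem with a symlink rather than a copy avoids keeping a second copy of the private key on disk, and `nginx -t` confirms the result before a restart.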