Topic: Help! messed up my SSL and nginx won't start
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
I'm running (was) nginx. My letsencrypt certificate was expiring and one of the domains needed to be dropped (friend no longer kept the domain and I had it in my certificate).
So, I copied a backup of the letsencrypt directory and created a new ssl without the domains - no problem.
I can't get nginx to load. I killed my symlinks and recreated and I have problems
This is the error I get:
[root@mail ssl]# systemctl status nginx.service -l
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2022-09-09 10:55:35 EDT; 1min 31s ago
Process: 19874 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=1/FAILURE)
Process: 19872 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Sep 09 10:55:35 mail.lifeassetsllc.com systemd: Starting The nginx HTTP and reverse proxy server...
Sep 09 10:55:35 mail.lifeassetsllc.com nginx: nginx: [emerg] cannot load certificate key "/etc/pki/tls/private/iRedMail.key": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/pki/tls/private/iRedMail.key','r') error:2006D080:BIO routines:BIO_new_file:no such file)
Sep 09 10:55:35 mail.lifeassetsllc.com nginx: nginx: configuration file /etc/nginx/nginx.conf test failed
Sep 09 10:55:35 mail.lifeassetsllc.com systemd: nginx.service: control process exited, code=exited status=1
Sep 09 10:55:35 mail.lifeassetsllc.com systemd: Failed to start The nginx HTTP and reverse proxy server.
Sep 09 10:55:35 mail.lifeassetsllc.com systemd: Unit nginx.service entered failed state.
Sep 09 10:55:35 mail.lifeassetsllc.com systemd: nginx.service failed.
There was no file for /etc/ssl/private/iRedMail.key, so I created the directory and copied the privkey.pem file there from letsencrypt.
I have recreated the certificates with the dropped domains:
- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2022-12-08. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
- If you like Certbot, please consider supporting our work by:
So, I have a new certificate, but frankly I'm stumped and my server is down (I only use webmail) until I fix it.
How do I relink my new certificate into nginx so that it will start correctly?
Help, I'm lost!!!!
----Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Stable release is out.