Ghost new installation - CliError - Setting up SSL

During installation and SSL setup, nginx fails with:

nginx: [emerg] cannot load certificate "/etc/letsencrypt/vanthletic.com/fullchain.cer": BIO_new_file()

Think I hit this problem:

No ecc specified, but domain.com.conf: Le_Keylength='ec-256' and the directory is created: /root/.acme.sh/domain.com_ecc/

Question: Is it possible to work around the error? I tried:

A temp fix is to add --keylength 2048/4096

without success

Details

  • What’s your URL? https://vanthletic.com/
  • What version of Ghost are you using? 5.44.0
  • What configuration? Ubuntu 22.04.2 LTS / nginx/1.18.0
  • What errors or information do you see in the console? - see below
  • What steps could someone else take to reproduce the issue you’re having?
  • install new ghost and setup SSL
  • or by command - ghost setup nginx ssl

Command:

sudo /etc/letsencrypt/acme.sh --upgrade --home /etc/letsencrypt
+ sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --server letsencrypt --domain vanthletic.com --webroot /var/www/vat/system/nginx-root --reloadcmd "nginx -s reload" --accountemail xxx@gmail.com

Error

nginx: [emerg] cannot load certificate "/etc/letsencrypt/vanthletic.com/fullchain.cer": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/vanthletic.com/fullchain.cer, r) error:10000080:BIO routi>

Ghost installation ends with:

+ sudo nginx -s reload
✖ Setting up SSL
One or more errors occurred.

1) CliError

Message: Failed to restart Nginx.

Debug Information:
    OS: Ubuntu, v22.04.2 LTS
    Node Version: v16.19.1
    Ghost Version: 5.44.0
    Ghost-CLI Version: 1.24.0
    Environment: production
    Command: 'ghost setup nginx ssl'
1 Like

If I run:

/etc/letsencrypt/acme.sh --home "/etc/letsencrypt" --list

the output is:

vanthletic.com "ec-256"

Trying to remove the certificate by:

sudo /etc/letsencrypt/acme.sh --home "/etc/letsencrypt" --remove -d vanthletic.com

Doesn’t remove it?

Any suggestions are welcome.

Change the nginx config to the ecc certificates.
The issue is solved for now.

I got the same problem.
When I set up ghost setup nginx ssl for my subdomain (www), I got

✖ Setting up SSL
One or more errors occurred.

1) CliError

Message: Failed to restart Nginx.

Debug Information:
    OS: Ubuntu, v22.04.1 LTS
    Node Version: v16.17.0
    Ghost Version: 5.43.0
    Ghost-CLI Version: 1.24.0
    Environment: production
    Command: 'ghost setup nginx ssl'

and then $ sudo nginx -t and I got the same error as you.

How do you change the nginx config to the ecc certificates?
And does it solve the problem?

Thank you for your time!

Hey,

In my case I did:

  1. Check the certificates in folder: /etc/letsencrypt

ls /etc/letsencrypt

Certificate was generated as example.com_ecc

  2. Then go to /etc/nginx/sites-available

Find file for the site: example.com-ssl.conf

  3. Update the paths on lines starting with: ssl_certificate by adding _ecc:
    ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/example.com_ecc/example.com.key;

This is working fine for me. Not sure if this is the correct way to resolve it.

I’ve tried generating an old-format certificate, which didn’t work.

3 Likes
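
The check described in the post above, as an added example that is not part of the original thread: a shell function that lists each ssl_certificate and ssl_certificate_key path in an nginx config and reports whether the file is at that path, in the sibling directory with the _ecc suffix, or absent. The function names check_cert_paths and demo_setup and the temporary demo layout (placeholder domain, empty files) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ssl_certificate / ssl_certificate_key paths in an nginx
# config that do not exist, and say whether the "<domain>_ecc" sibling
# directory holds the file instead (the situation in this thread).

# check_cert_paths CONF -> one line per directive: "ok|ecc|missing <path>"
check_cert_paths() {
    conf=$1
    # Extract the path argument of each directive, without the trailing ';'
    sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;]*\);.*/\2/p' "$conf" |
    while IFS= read -r path; do
        dir=$(dirname "$path")
        file=$(basename "$path")
        if [ -e "$path" ]; then
            echo "ok $path"
        elif [ -e "${dir}_ecc/$file" ]; then
            echo "ecc ${dir}_ecc/$file"   # file exists, but under the _ecc directory
        else
            echo "missing $path"
        fi
    done
}

# Constructed demo layout in a temp dir: the config points at example.com/,
# while the (empty, placeholder) files sit in example.com_ecc/.
demo_setup() {
    DEMO=$(mktemp -d)
    mkdir -p "$DEMO/letsencrypt/example.com_ecc"
    : > "$DEMO/letsencrypt/example.com_ecc/fullchain.cer"
    : > "$DEMO/letsencrypt/example.com_ecc/example.com.key"
    cat > "$DEMO/example.com-ssl.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate $DEMO/letsencrypt/example.com/fullchain.cer;
    ssl_certificate_key $DEMO/letsencrypt/example.com/example.com.key;
    ssl_dhparam $DEMO/letsencrypt/dhparam.pem;
}
EOF
}

demo_setup
check_cert_paths "$DEMO/example.com-ssl.conf"
rm -rf "$DEMO"
```

On a real host, run it with privileges that can read the certificate directory, then confirm the edited config with sudo nginx -t before reloading.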

Hi,

Thank you very much for the reply.

I managed to do the same as you did and it works now

I think it’s correct since the file name generated from letsencrypt isn’t the same as in the ssl path generated in ssl.conf file. After I changed it, nginx runs perfectly. 👍

1 Like

This worked for me. Thank you

Not sure why the ssl certificates were created in a different folder path with _ecc suffix

1 Like

The problem is the bug shared above.
It will most probably be resolved in the near future.