- Plesk for Linux
Note: This article has the reference to the issue with the fix available:
"Under certain circumstances, if the web server restarted during the process of issuing a certificate, it could not access the certificate file, which resulted in failure to restart."
- Let’s Encrypt 3.2.0 31 August 2017
Daily Lets' Encrypt renewal task has renewed certificates.
During the process, nginx configuration test fails:
# nginx -t
Template_Exception: nginx: [emerg] BIO_new_file("/usr/local/psa/var/certificates/cert-7CIkBh") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/usr/local/psa/var/certificates/cert-7CIkBh','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
Apache configuration test fails:
# apache2ctl -t
ERR [panel] Apache config (15036435810.08219500) generation failed: Template_Exception: AH00526: Syntax error on line 51 of /etc/apache2/plesk.conf.d/vhosts/example.com.conf:
SSLCertificateFile: file '/opt/psa/var/certificates/cert-uYxEXC' does not exist or is empty
The issue is caused by Let's Encrypt extension bug with id #EXTLETSENC-213 : When a certificate is being renewed, the Apache web server is restarted before the certificate file is in place.
The bug has been fixed in Let's Encrypt version 2.3.
Upgrade Let's Encrypt extension to the latest version.
In case Let's Encrypt extension version is below 2.3 and the issue occurred, do the following:
1. Connect to the server using SSH
2. Execute commands:
# plesk repair web -sslcerts
# plesk repair web example.com