Let's Encrypt SSL Certificate File Not Found Error, but still working
In my case the files and permissions were not the issue. I was trying to restart the server with apachectl restart or test the config (apachectl -t or apachectl configtest). The user running the command (me) simply didn't have the proper permissions to access the certificates. I just had to prefix the commands with sudo to run them as root! No more errors, the config test returns "Syntax OK" and I can restart the server. (OK I'm a bit embarrassed it took me so long to figure that one out...)
After several sleepless nights, I finally got it to work. (overkill statement) We all know it was permissions, but exactly where was something to check.
I kept on working with /etc/letsencrypt/live and the directories and files under that. I kept changing permissions from the original to 0755 and 0777. What I did not immediately see was that /etc/letsencrypt/live was a link created from /etc/letsencrypt/archive and it had a 0700 permission. That's why it wasn't able to read the file. After changing the permission of /etc/letsencrypt/archive to 0755, apachectl configtest already responded with
Although the original issue was resolved, I will refer this back to Let's Encrypt because this was all Auto Installation of Certificates. Something like this should not happen in "auto". But my setup might have something to do with the permission issue since I installed it using a non-root user (but I did sudo).
Hope this helps someone.
Agreeing with timeSmith's answer that the permissions on these files and folders are intentionally tight, and should be left as
You need to run service httpd or apachectl commands as sudo so that these processes have root privileges and get read access to the letsencrypt certificate folders and files.
As originally commented by Ian Terle, changing the permissions on the "live" directory now fixes the issue:
sudo chmod -R 0755 /etc/letsencrypt/live
Note: I was observing the same error as the OP.
This was confirmed on:
Ubuntu 16.04.2 LTS
The permissions on the cert files are best left very tight. To allow the appropriate processes access to the cert files: start apache using the following commands.
sudo service httpd start
Alternately restart gracefully using this command:
sudo service httpd graceful
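A read-only way to find which directory on the symlinked live -> archive path blocks a non-root user, and whether the key file itself would become world-readable if that directory were opened up. This is an added example, not part of any of the answers above; the function names, the BASE argument and the example.com tree are assumptions constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: locate the directory that blocks a non-root user from a
# Let's Encrypt key, without changing any permissions.

# Print the directory nearest BASE on the resolved path of FILE that lacks
# search (x) permission for "other"; print nothing if none does.
first_blocked_component() {
    local resolved base dir blocked=""
    resolved=$(readlink -f -- "$1") || return 2
    base=$(readlink -f -- "${2:-/}") || return 2
    dir=$(dirname -- "$resolved")
    while [ "$dir" != "$base" ] && [ "$dir" != / ]; do
        # Character 10 of the ls mode string is the other-execute bit.
        case $(ls -ld -- "$dir" | cut -c10) in
            x|t) ;;
            *) blocked=$dir ;;
        esac
        dir=$(dirname -- "$dir")
    done
    printf '%s' "$blocked"
}

# Succeed (exit 0) if the resolved file is readable by "other".
key_world_readable() {
    local resolved
    resolved=$(readlink -f -- "$1") || return 2
    [ "$(ls -l -- "$resolved" | cut -c8)" = r ]
}

# Constructed stand-in for /etc/letsencrypt (hypothetical domain example.com).
build_demo_tree() {
    mkdir -p "$1/archive/example.com" "$1/live/example.com"
    printf 'constructed placeholder, not a real key\n' > "$1/archive/example.com/privkey1.pem"
    chmod 0644 "$1/archive/example.com/privkey1.pem"
    ln -sf ../../archive/example.com/privkey1.pem "$1/live/example.com/privkey.pem"
    chmod 0755 "$1/live" "$1/live/example.com" "$1/archive/example.com"
    chmod 0700 "$1/archive"
}

demo=$(mktemp -d)
build_demo_tree "$demo"
echo "blocked at: $(first_blocked_component "$demo/live/example.com/privkey.pem" "$demo")"
key_world_readable "$demo/live/example.com/privkey.pem" && echo "key file mode allows world read"
rm -rf "$demo"
```

On a real server, run the two functions as root against the privkey.pem link under /etc/letsencrypt/live, since resolving the link requires traversing the restricted directory.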