Let's Encrypt SSL Certificate File Not Found Error, but still working

Solution 1:

In my case the files and permissions where not the issue. I was trying to restart the server with apachectl restart or test the config (apachectl -t or apachectl configtest). The user running the command (me) simply didn't have the proper permissions to access the certificates. I just had to prefix the commands with sudo to run them as root! No more errors, the config test returns "Syntax OK" and I can restart the server. (OK I'm a bit embarrassed it took me so long to figure that one out...)

Solution 2:

After several sleepless nights, I finally got it to work. (overkill statement) We all know it was permissions, but exactly where was something to check.

I kept on working with /ect/letsencrypt/live and the directories and files under that. I kept changing permissions from the original to 0755 and 0777. What I did not immediately see was that /etc/letsencrypt/live was a link created from /etc/letsencrypt/archive and it had a 0700 permission. That's why it wasn't able to read the file. After changing the permission of /etc/letsencrypt/archive to 0755, apachectl configtest already responded with Syntax OK.

Although the original issue was resolved, I will refer this back to Let's Encrypt because this was all Auto Installation of Certificates. Something like this should not happen in "auto". But my setup might have something to do with the permission issue since I installed it using a non-root user (but I did sudo).

Hope this helps someone.

Solution 3:

Agreeing with timeSmith's answer that the permissions on these files and folders are intentionally tight, and should be left as 0700.

You need to run service httpd or apachectl commands as sudo so that these processes have root privileges and get read access to the letsencrypt certificate folders and files.

Solution 4:

As originally commented by Ian Terle, changing the permissions on the "live" directory now fixes the issue:

sudo chmod -R 0755 /etc/letsencrypt/live

Note: I was observing the same error as the OP.

This was confirmed on:
Ubuntu 16.04.2 LTS
Apache/2.4.18 (Ubuntu)

Solution 5:

The permissions on the cert files are best left very tight. To allow the appropriate processes access to the cert files: start apache using the following commands.

sudo service httpd start

Alternately restart gracefully using this command:

sudo service httpd graceful

Tags:

Ssl

Ssl Certificate

Lets Encrypt

Apache 2.4

Recent Posts