Colleague thought /etc/pki/~ was redundant du to Letsencrypt, so they deleted it *Facepalm*,
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Colleague thought /etc/pki/~ was redundant du to Letsencrypt, so they deleted it *Facepalm*,
As the title says, colleague thought that /etc/pki was redundant since we use /etc/letsencrypt/~ so they rm -dr'd the it.
So now (after removing his admin privileges) I'm trying to fix our SSLs.
I decided to go back to square one and removed the Letsencrypt directories with he hopes that if I reran Certbot that fix it, but it came up With the error "SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty"
I tried recreating it manually as well as tried resinstalling Open SSL, but that didn't;t work either.
Can any one tell me what the file and permissions for the path need to be, please and thank you.
here's the full output when I tru to rerun Certbot:
Code:
sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apachectl configtest.
AH00526: Syntax error on line 100 of /etc/httpd/conf.d/ssl.conf:
SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apachectl configtest.\n\nAH00526: Syntax error on line 100 of /etc/httpd/conf.d/ssl.conf:\nSSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty\n",)
If the whole directory has been deleted, then I'd simply try to copy it from a new Linux installation. It should work without any issues.
cp -a to preserve the permissions or rsync -a, something to that effect.
Ideally you should be doing regular backups and simply restore your most recent one of /etc/pki.
Failing that, you could do "yum reinstall" of the packages that create /etc/pki and its subdirectories.
On my CentOS7 running "rpm -qf /etc/pki /etc/pki/* /etc/pki/*/* |sort -u" outputs those packages as:
ca-certificates-2017.2.14-71.el7.noarch
centos-release-7-4.1708.el7.centos.x86_64
couchbase-release-1.0-0.x86_64
filesystem-3.2-21.el7.x86_64
nss-3.28.4-15.el7_4.x86_64
openssl-1.0.2k-8.el7.x86_64
openssl-libs-1.0.2k-8.el7.x86_64
rsyslog-8.24.0-12.el7.x86_64
Note that any certificates (root, intermediate or your own domains) you had added after the initial install you'd have to re-add manually after re-install of the packages.
I wanted to say that I suggested copying the directory from a new OS instead of reinstalling the package, because the connection to the repositories might not be secure anymore (which might lead to additional configurations etc.), but then it occurred to me that at least the base repositories use http, not https.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
