BUG: NGINX config error due to missing dpharams.pem

Hi guys,

had a problem on two servers when adding a site with let’s encrypt certificate for my own domain. It threw an error while creating the site, here’s the last part of the log shown on cleavr:

[Fri 02 Sep 2022 01:33:00 PM UTC] Run reload cmd: service nginx force-reload [Fri 02 Sep 2022 01:33:00 PM UTC] Reload success * Testing nginx configuration ...fail!

The nginx config test failed, so I ssh into the server and run “nginx -t”:

# nginx -t
nginx: [emerg] BIO_new_file("/etc/nginx/dhparams.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/nginx/dhparams.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed

The dpharams.pem file is missing. So I generated it manually:

openssl dhparam -out /etc/nginx/dhparams.pem 4096

After it finished, there were no more issues when testing the nginx config and the site is working. I assume the file should get generated automatically when installing nginx, which however didn’t happened for me. I could reproduce this on two servers, so maybe there’s something to look after. :upside_down_face:

Best Greetings :v:

Hi @Jeazyee,

Thanks for bringing this to our attention!

Could you please provide some additional repro steps? I’m wondering if this is happening on a specific hosting provider?

I tried with 2 different custom server providers. The steps were:

  1. Add a plain server
  2. Add MariaDB service to the server
  3. Add WordPress Site with custom domain and SSL

I am not sure if I added nginx service to the server before adding the site. PHP was definitely not installed, it got installed on creation of the WordPress site.

Would you be able to share the name of the hosting provider?

It were a netcup vps and an oracle cloud a1.flex instance. From the oracle cloud one I removed all iptable rules as the pre-configurations from oracle could cause issues. The netcup vps does not have any pre-configurations and firewall configs.