Commands leading to the error (set the cert from certbot, then check the Apache configuration for errors):
sudo certbot -d example.com -d www.example.com
apachectl -t
Error:
SSLCertificateFile: file '/etc/letsencrypt/live/.../fullchain.pem' does not exist or is empty
This turned out to be a path permission error, fixed by running these commands (adding the directory execute bit so the paths can be traversed – permissions were 700, changed to 705):
sudo chmod 705 /etc/letsencrypt/archive
sudo chmod 705 /etc/letsencrypt/live
There might be another way to fix this issue since this would have been tested on certbot. I’m not sure why the path was not traversable on my system, so I’m just noting this workaround for future reference. In the past, I did not let certbot modify the config files. I would manually move/point the SSL files. Everything worked OK letting certbot automate everything, except for this path traversal issue that manifests itself as Apache reporting that the generated file does not exist. It does exist, but the permissions are set wrong. Perhaps certbot is supposed to be run as a different user (not root) or I have something else configured wrong.
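To find which directory in a certificate path blocks access, this added example (not part of the original post) walks a file's parent directories and reports the topmost one whose mode withholds the execute bit from "other", the bit the 700 to 705 change supplies. The function names and the temporary demo tree are constructed for illustration; the check reads mode bits only and ignores ACLs and group membership.

```shell
#!/bin/sh
# Succeeds if DIR's mode grants search (execute) permission to "other".
other_can_traverse() {
    # Character 10 of the ls -ld mode string is the "other" execute slot:
    # x or t allows traversal; - or T does not.
    mode=$(ls -ld "$1" | cut -c10)
    [ "$mode" = "x" ] || [ "$mode" = "t" ]
}

# Print the topmost directory from ROOT down to FILE's parent that "other"
# cannot traverse. Returns 1 if one is found, 0 if the whole chain is open.
first_blocked_dir() {
    root=$1
    dir=$(dirname "$2")
    blocked=
    while :; do
        other_can_traverse "$dir" || blocked=$dir
        if [ "$dir" = "$root" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    [ -z "$blocked" ] && return 0
    printf '%s\n' "$blocked"
    return 1
}

# Constructed tree standing in for /etc/letsencrypt, with live/ and archive/
# at mode 700 as described above. live/ holds symlinks into archive/, so both
# chains matter. Prints the path of the temporary root.
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/letsencrypt/live/example.com" "$t/letsencrypt/archive/example.com"
    : > "$t/letsencrypt/archive/example.com/fullchain1.pem"
    ln -s ../../archive/example.com/fullchain1.pem \
        "$t/letsencrypt/live/example.com/fullchain.pem"
    chmod 755 "$t" "$t/letsencrypt" "$t"/letsencrypt/*/example.com
    chmod 700 "$t/letsencrypt/live" "$t/letsencrypt/archive"
    printf '%s\n' "$t"
}

tree=$(demo_tree)
for f in live/example.com/fullchain.pem archive/example.com/fullchain1.pem; do
    if hit=$(first_blocked_dir "$tree" "$tree/letsencrypt/$f"); then
        echo "$f: every directory is traversable by other"
    else
        echo "$f: blocked at $hit"
    fi
done
rm -rf "$tree"
```

On Linux, `namei -l <path>` from util-linux lists the owner and mode of every path component and supports the same diagnosis on the real certificate path.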