TrueNAS 25.10.1 Goldeye, nginx won’t start after fixing full boot pool. Error is: cannot load certificate key /etc/certificates/truenas_default.key - file is missing. Private key exists in database but returns empty string when extracted. Certificate creation job returns ID but files are not written to /etc/certificates/.
I’ve tried using AI to help with this but am making little to no progress. Have tried deleting and recreating truenas_default.crt and truenas_default.key multiple times with no success. Can someone please help?
This is a common aftermath of a full boot pool — the certificate creation job completed in the database but the actual key/cert files never got written to /etc/certificates/ because there was no disk space at the time. Even after freeing space, the middleware thinks the certificate already exists so it does not try to write the files again.
Fix: first confirm the boot pool has space now with df -h / to make sure that is actually resolved. Then go to the TrueNAS UI > Credentials > Certificates, delete the broken truenas_default certificate entirely. Create a new self-signed certificate from the same page (give it a name like truenas_default_new). Then go to System > General > GUI and set the GUI SSL Certificate to the new one you just created. Apply and restart the web service. This forces the middleware to generate fresh key and cert files from scratch with the space now available.
If the UI is not accessible because nginx is down, you can do it from the shell: midclt call system.general.update '{"ui_certificate": null}' to temporarily clear the cert requirement, then access the UI over HTTP to set up the new certificate properly.
1 Like
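Added example, not part of the original thread and not TrueNAS code: a read-only shell check for the failure described above, where the certificate or key file under /etc/certificates/ is missing or was left empty after the disk filled up. The function names and exit codes are hypothetical; the directory and the truenas_default name are the ones from the thread, and the key/certificate comparison runs only if openssl is installed.

```shell
#!/bin/sh
# Added example: read-only check of a certificate/key pair on disk.
# Function names and exit codes are hypothetical, not part of TrueNAS.

# Free space (KiB) on the filesystem that holds directory $1.
free_kib() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Exit codes: 0 pair usable, 1 file missing, 2 file empty, 3 key/cert mismatch.
check_cert_pair() {
    dir=$1
    name=$2
    for f in "$dir/$name.crt" "$dir/$name.key"; do
        if [ ! -e "$f" ]; then
            echo "MISSING: $f"
            return 1
        fi
        if [ ! -s "$f" ]; then
            # A zero-byte file is what a write on a full disk leaves behind.
            echo "EMPTY: $f"
            return 2
        fi
    done
    # Compare the public keys only when openssl is installed.
    if command -v openssl >/dev/null 2>&1; then
        cert_pub=$(openssl x509 -in "$dir/$name.crt" -noout -pubkey 2>/dev/null)
        key_pub=$(openssl pkey -in "$dir/$name.key" -pubout 2>/dev/null)
        if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            echo "MISMATCH: $name.key does not match $name.crt"
            return 3
        fi
    fi
    echo "OK: $dir/$name.crt and $name.key"
    return 0
}

# Runs only with arguments, e.g.: sh check.sh /etc/certificates truenas_default
if [ "$#" -ge 2 ]; then
    echo "free space for $1: $(free_kib "$1") KiB"
    check_cert_pair "$1" "$2"
fi
```

Running it before and after recreating the certificate shows whether the files were actually written this time, without exposing the key material itself.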