Permissions issue after installing Let's Encrypt

March 9, 2016 5k views
Let's Encrypt Linux Basics CentOS

After installing Let's Encrypt on my LEMP server on CentOS 7, I am unable to restart nginx.
The issue seems to be that for some reason I no longer have permissions to the subfolders of /etc/letsencrypt/, not even using sudo with the command...
I get the error:

/etc/letsencrypt/live/: Permission denied

the permissions are set to:

drwxr-xr-x   8 root root 4096 feb  6 22:27 .
drwxr-xr-x. 86 root root 4096 mar  9 22:11 ..
drwx------   3 root root 4096 feb  6 22:26 accounts
drwx------   4 root root 4096 mar  9 22:12 archive
drwxr-xr-x   2 root root 4096 mar  9 22:12 csr
drwx------   2 root root 4096 mar  9 22:12 keys
drwx------   4 root root 4096 mar  9 22:12 live
drwxr-xr-x   2 root root 4096 mar  9 22:12 renewal

What should the permissions be, and how should I change them?

Thanks ahead!

1 comment
  • Same issue here. I just followed the DigitalOcean tutorials about this and used a non-root user to install nginx and letsencrypt. It's done.
    But nginx cannot access "/etc/letsencrypt/live/domain.com/.." for privkey.pem and fullchain.pem.
    So I cannot use this free SSL thing in DO droplets...
    I hope DO will share the secure permissions for the letsencrypt folders and let nginx reach them without problems.

4 Answers

Hello,

Those permissions seem to match what I have on a fresh setup of Let's Encrypt:

drwxr-xr-x  8 root root 4.0K Dec 25 10:18 .
drwxr-xr-x 96 root root 4.0K Jun  7 22:17 ..
drwx------  4 root root 4.0K Jun  7 22:40 accounts
drwx------  5 root root 4.0K Jun  7 22:51 archive
drwxr-xr-x  2 root root 4.0K Jun  7 22:51 csr
drwx------  2 root root 4.0K Jun  7 22:51 keys
drwx------  5 root root 4.0K Jun  7 22:51 live
drwxr-xr-x  2 root root 4.0K Jun  7 22:51 renewal

So I don't believe that's the issue. Where are you getting the permission error? What provided the output you gave with the permission denied?

Have you tried just using root directly, by switching to root with su? Can you run cd /etc/letsencrypt/live and move to the directory while using root or sudo?

Have you confirmed this is the problem with nginx as well? Make sure you have the ssl_certificate and ssl_certificate_key paths set correctly. I imagine it's an error in the virtual host, such as a typo, rather than Let's Encrypt.

Any solution on this? I got the same. Set up a server and everything went well, except this:

$ cd /etc/letsencrypt/live
-bash: cd: /etc/letsencrypt/live: Permission denied

So my sites give an error with https

Very same issue here... Any advice?
I can "cd" with root after "sudo su", but I think I need to change permission to make it accessible with non-root user...

Found a solution for this:

  1. Change the group and owner from root to the user you are logged in with. This enables access to these directories:

    sudo chgrp {username} live
    sudo chown {username} live
    sudo chgrp {username} keys
    sudo chown {username} keys
    sudo chown {username} api.{domain}.com
    sudo chgrp {username} api.{domain}.com
    sudo chgrp -h {username} privkey.pem
    sudo chown -h {username} privkey.pem
    sudo chown -h {username} fullchain.pem
    sudo chgrp -h {username} fullchain.pem
    
  2. Copy the files from the live folder to your project

    sudo cp /etc/letsencrypt/live/api.{domain}.com/fullchain.pem /home/{ProjectName}/bin/fullchain.pem
    sudo cp /etc/letsencrypt/live/api.{domain}.com/privkey.pem /home/{ProjectName}/bin/privkey.pem
    
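  3. Use these certificates from your project (inside the bin folder, in server.js)

    var path = require('path');
    var fs = require('fs');
    var https = require('https');

    // Assumption: app is the request handler (for example an Express app)
    // already defined in server.js; {port number} is a placeholder.
    var certFilePath = path.resolve(__dirname, "fullchain.pem");
    var keyFilePath = path.resolve(__dirname, "privkey.pem");
    var certKeyFile = fs.readFileSync(keyFilePath);
    var certFile = fs.readFileSync(certFilePath);
    var options = {
      key  : certKeyFile,
      cert : certFile
    };
    https.createServer(options, app).listen({port number}, function () {
      console.log('Started!');
    });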
    