Permissions issue after installing Lets Encrypt

After installing Lets Encrypt, on my LEMP server on CentOS 7, i am unable to restart nginx. The issue seems to be that for some reason I don’t have anymore permissions to the subfolders of /etc/letsencrypt/. not even using sudo the command… i get the error:

/etc/letsencrypt/live/: Permission denied

the permissions are set to:

drwxr-xr-x   8 root root 4096 feb  6 22:27 .
drwxr-xr-x. 86 root root 4096 mar  9 22:11 ..
drwx------   3 root root 4096 feb  6 22:26 accounts
drwx------   4 root root 4096 mar  9 22:12 archive
drwxr-xr-x   2 root root 4096 mar  9 22:12 csr
drwx------   2 root root 4096 mar  9 22:12 keys
drwx------   4 root root 4096 mar  9 22:12 live
drwxr-xr-x   2 root root 4096 mar  9 22:12 renewal

What should the permissions be? and how should i change them?

Thanks ahead!

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

I know it’s been a couple years but I just wanted to mention that I also had this issue. I decided to just give in and go to the root user (easy enough to do…) sudo su - hope you find this helpful!

Found a solution for this:

  1. Change the user group and user owner from root to your user you are logged in with. This enables access to these directories
sudo chgrp {username} live, 
sudo chown {username} live, 
sudo chgrp {username} keys, 
sudo chown {username} keys, 
sudo chown {username} api.{domain}.com, 
sudo chgrp {username} api.{domain}.com, 
sudo chgrp -h {username} privkey.pem, 
sudo chown -h {username} privkey.pem, 
sudo chown -h {username} fullchain.pem , 
sudo chgrp -h {username} fullchain.pem
  1. Copy the files from the live folder to your project
sudo cp /etc/letsencrypt/live/api.{domain}.com/fullchain.pem /home/{ProjectName}/bin/fullchain.pem
sudo cp /etc/letsencrypt/live/api.{domain}.com/privkey.pem /home/{ProjectName}/bin/privkey.pem
  1. Use these certificates from your project(inside bin folder in server.js)
var certFilePath = path.resolve(__dirname, "fullchain.pem");
var keyFilePath = path.resolve(__dirname, "privkey.pem");
var certKeyFile = fs.readFileSync(keyFilePath);
var certFile = fs.readFileSync(certFilePath);
var options = {
   key  : certKeyFile,
   cert : certFile
https.createServer(options, app).listen({port number}, function () {

Very same issue here… Any advice? I can “cd” with root after “sudo su”, but I think I need to change permission to make it accessible with non-root user…