Permissions issue after installing Let's Encrypt

After installing Let's Encrypt on my LEMP server on CentOS 7, I am unable to restart nginx. The issue seems to be that for some reason I no longer have permissions to the subfolders of /etc/letsencrypt/, not even when running the command with sudo… I get the error:

/etc/letsencrypt/live/: Permission denied

the permissions are set to:

drwxr-xr-x   8 root root 4096 feb  6 22:27 .
drwxr-xr-x. 86 root root 4096 mar  9 22:11 ..
drwx------   3 root root 4096 feb  6 22:26 accounts
drwx------   4 root root 4096 mar  9 22:12 archive
drwxr-xr-x   2 root root 4096 mar  9 22:12 csr
drwx------   2 root root 4096 mar  9 22:12 keys
drwx------   4 root root 4096 mar  9 22:12 live
drwxr-xr-x   2 root root 4096 mar  9 22:12 renewal

What should the permissions be? And how should I change them?

Thanks ahead!


Same issue here. I just followed the DigitalOcean tutorials about this and used a non-root user to install nginx, and it's done. But nginx cannot access “/etc/letsencrypt/live/…” for privkey.pem and fullchain.pem. So I cannot use this free SSL thing in DO droplets… I hope DO will share the secure permissions for the letsencrypt folders and let nginx reach them without problems.


I know it’s been a couple years but I just wanted to mention that I also had this issue. I decided to just give in and go to the root user (easy enough to do…) sudo su - hope you find this helpful!

Found a solution for this:

  1. Change the group and owner from root to the user you are logged in with. This enables access to these directories:
sudo chgrp {username} live
sudo chown {username} live
sudo chgrp {username} keys
sudo chown {username} keys
sudo chown {username} api.{domain}.com
sudo chgrp {username} api.{domain}.com
sudo chgrp -h {username} privkey.pem
sudo chown -h {username} privkey.pem
sudo chown -h {username} fullchain.pem
sudo chgrp -h {username} fullchain.pem
  2. Copy the files from the live folder to your project:
sudo cp /etc/letsencrypt/live/api.{domain}.com/fullchain.pem /home/{ProjectName}/bin/fullchain.pem
sudo cp /etc/letsencrypt/live/api.{domain}.com/privkey.pem /home/{ProjectName}/bin/privkey.pem
  3. Use these certificates from your project (inside the bin folder, in server.js):
// Modules needed to read the certificate files and start the HTTPS server
var fs = require("fs");
var path = require("path");
var https = require("https");
var certFilePath = path.resolve(__dirname, "fullchain.pem");
var keyFilePath = path.resolve(__dirname, "privkey.pem");
var certKeyFile = fs.readFileSync(keyFilePath);
var certFile = fs.readFileSync(certFilePath);
var options = {
   key  : certKeyFile,
   cert : certFile
};
// app is the request handler defined elsewhere in server.js
https.createServer(options, app).listen({port number}, function () {
});

Very same issue here… Any advice? I can “cd” with root after “sudo su”, but I think I need to change the permissions to make it accessible to a non-root user…

Any solution on this? I got the same. Set up a server and everything went well, except this:

$ cd /etc/letsencrypt/live

-bash: cd: /etc/letsencrypt/live: Permission denied

So my sites give an error with https


Those permissions seem to match what I have on a fresh setup of Let’s Encrypt

drwxr-xr-x  8 root root 4.0K Dec 25 10:18 .
drwxr-xr-x 96 root root 4.0K Jun  7 22:17 ..
drwx------  4 root root 4.0K Jun  7 22:40 accounts
drwx------  5 root root 4.0K Jun  7 22:51 archive
drwxr-xr-x  2 root root 4.0K Jun  7 22:51 csr
drwx------  2 root root 4.0K Jun  7 22:51 keys
drwx------  5 root root 4.0K Jun  7 22:51 live
drwxr-xr-x  2 root root 4.0K Jun  7 22:51 renewal

So I don’t believe that’s the issue. Where are you getting the permission error? What provided the output you gave with the permission denied?

Have you tried just using root directly, by switching to root with su? Can you run cd /etc/letsencrypt/live and move to the directory while using root or sudo?

Have you confirmed this is the problem with nginx as well? Make sure you have the ssl_certificate and ssl_certificate_key paths set correctly. I imagine it’s an error in the Virtualhost, such as a typo, rather than Letsencrypt.
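
The path check suggested in the answer above, as an added example (not code from this thread): a shell function that reads the ssl_certificate and ssl_certificate_key paths out of an nginx config file and reports whether each one resolves and is readable. Run it as root, since live/ is drwx------ root by default; the function names and the config path in the usage comment are assumptions.

```shell
# Added example. Usage (as root): check_cert_paths /etc/nginx/nginx.conf
# (the config path is an assumption; point it at the file holding your server block)

# Print "<directive> <path>" for each ssl_certificate / ssl_certificate_key line.
# Commented-out directives are skipped because their first field starts with "#".
cert_paths() {
    awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
             sub(/;.*/, "", $2); print $1, $2 }' "$1"
}

# Return 0 if every referenced file resolves and is readable,
# 1 if any does not, 2 if the config names no certificate at all.
check_cert_paths() {
    conf=$1; bad=0; seen=0
    paths=$(cert_paths "$conf")
    while read -r directive path; do
        [ -n "$path" ] || continue
        seen=1
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            # live/<domain>/*.pem are symlinks into archive/; the target is gone
            echo "DANGLING   $directive $path"; bad=1
        elif [ ! -e "$path" ]; then
            # typical result of a typo in the server block
            echo "MISSING    $directive $path"; bad=1
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE $directive $path (not running as root?)"; bad=1
        else
            echo "OK         $directive $path"
        fi
    done <<EOF
$paths
EOF
    [ "$seen" -eq 1 ] || { echo "NO ssl_certificate directives in $conf"; return 2; }
    return "$bad"
}
```

If every line reports OK when run as root, the default root-only permissions on /etc/letsencrypt are not what is stopping nginx, and `nginx -t` run as root will name the line it actually rejects.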