Problem Description
Failing to generate SSL cert via letsencrypt, even when being run as root.
Any Error Messages
root@srv-pfb68:~# sympl-ssl --verbose example.co.uk
- Examining certificates for example.co.uk
SSL set 0: Not valid for example.co.uk – certificate has expired (10)
SSL set 0: Not valid for example.co.uk – certificate has expired (10)
Current SSL set 0: signed by /C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3, expires 2020-09-20 09:00:26 UTC
The current set is no longer valid for this domain.
!! Failed: Permission denied @ apply2files - /srv/example.co.uk/config/ssl/current
Environment
smypl-core 9.200909.0
debian buster, all known updates applied.
root@srv-pfb68:~# ls -al /srv/example.co.uk/config/
drwxrws--x 5 sympl sympl 4096 Oct 23 2017 .
drwxr-xr-x 6 debian debian 4096 Jun 15 19:22 ..
-rw-rw---- 1 sympl sympl 4 Jan 13 2015 antispam
-rw-rw---- 1 sympl sympl 4 Jan 13 2015 antivirus
drwxrws--x 2 sympl sympl 4096 Jan 13 2015 blacklists
drwxrws--x 2 sympl sympl 4096 Jun 28 2011 dns
-rw-rw---- 1 sympl sympl 11 Sep 28 2015 ftp-password
drwxrws--x 4 sympl sympl 4096 Jun 22 10:00 ssl
-rw-rw---- 1 sympl sympl 25085 Mar 11 2016 webalizer.conf
root@srv-pfb68:~# ls -al /srv/example.co.uk/config/ssl/
total 16
drwxrws--x 4 sympl sympl 4096 Jun 22 10:00 .
drwxrws--x 5 sympl sympl 4096 Oct 23 2017 ..
lrwxrwxrwx 1 root sympl 7 Jun 22 10:00 current -> sets/0/
drwxrws--x 2 sympl sympl 4096 Oct 23 2017 letsencrypt
drwxrws--x 4 sympl ssl-cert 4096 Aug 21 06:48 sets
root@srv-pfb68:~# ls -al /srv/example.co.uk/config/ssl/letsencrypt/
total 12
drwxrws--x 2 sympl sympl 4096 Oct 23 2017 .
drwxrws--x 4 sympl sympl 4096 Jun 22 10:00 ..
-rw-rw---- 1 sympl sympl 1679 Oct 23 2017 account_key
and
root@srv-pfb68:~# ls -al /srv/example.co.uk/config/ssl/sets/
total 16
drwxrws--x 4 sympl ssl-cert 4096 Aug 21 06:48 .
drwxrws--x 4 sympl sympl 4096 Jun 22 10:00 ..
drwxrws--x 2 sympl ssl-cert 4096 Jun 22 10:00 0
drwxrws--x 2 sympl ssl-cert 4096 Aug 21 06:48 1
Renaming ‘sets’ to ‘sets.old’ and re-running sympl-ssl --verbose … seems to work, which implies it didn’t like the
drwxrws--x 4 sympl ssl-cert 4096 Aug 21 06:48 sets
as it’s now recreated it as :
drwxr-s--- 3 sympl ssl-cert 4096 Sep 22 10:47 sets
Is something else going on? I couldn’t seem to see any other permissions being different.
I think the directories/files were created by doing an rsync from an older symbiosis release on an older debian variant. But I have memory of there being a cron job that changes the ownership of /srv files for Sympl, in which case did it get something wrong?