Certbot Error 13 Permission denied: '/etc/letsencrypt'


#1

Please fill out the fields below so we can help you better.

My domain is: ds214.a1ltb6olsn15ghov.myfritz.net
I ran this command:

It produced this output:

My operating system is (include version): MAC OS X Vers.10.12

My web server is (include version): Synology DS214+ DSM6.0.2-8451 Update 2
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hello,
I want to get external access to my NAS through the Router Fritzbox 7490, but when I run the command http:/ds214.a1ltb6olsn15ghov.myfritz.net:5001 I get the information that the server is not safe, an authorized cert is missing. There is then the option for an exceptional access. This works, but this is not a permanent solution.
Synology offers in the DSM the automatic implementation of a cert from Let’s Encrypt; however, it fails. That is why I am now trying to get this cert manually. I followed the instructions for the installation of Homebrew and Certbot through Terminal, but now I am stuck, because there is an error:

==> Summary
🍺 /usr/local/Cellar/openssl/1.0.2j: 1,695 files, 12M
==> Installing certbot
==> Downloading https://homebrew.bintray.com/bottles/certbot-0.9.3.sierra.bottle.tar.gz
######################################################################## 100,0%
==> Pouring certbot-0.9.3.sierra.bottle.tar.gz
🍺 /usr/local/Cellar/certbot/0.9.3: 1,965 files, 13.8M
Mac-Werner:~ Werner$ certbot certonly
The following error was encountered:
[Errno 13] Permission denied: '/etc/letsencrypt'
If running as non-root, set --config-dir, --logs-dir, and --work-dir to writeable paths.
Mac-Werner:~ Werner$

I have to admit that I got no clue on programming, hence, I do not understand what is written in Terminal - I just strictly followed the instructions. I read the note that the server must be configured to serve files from hidden directories. I do not know how to change this configuration accordingly.

My internet-provider runs IPv6 only. It is understood that Let’s Encrypt offers now IPv6 full support.

May I kindly ask for your help?


#2

You will want to run sudo certbot ... rather than just certbot .... This will solve your problem and is the solution most often used.

Alternatively, you can follow the suggestion from this output:

To do this, include something like this on the command line:

--config-dir ~/.certbot/config --logs-dir ~/.certbot/logs --work-dir ~/.certbot/work

If you go this route, you may prefer to set this in a configuration file rather than including those flags on the command line every time you run certbot. To do this, create ~/.config/letsencrypt/cli.ini with contents like these:

config-dir=~/.certbot/config
work-dir=~/.certbot/work
logs-dir=~/.certbot/logs
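
An added example, not part of the reply above and not Certbot's own code: a shell sketch of the non-root route, creating the three directories owner-only (the config directory ends up holding account credentials and private keys) and writing the cli.ini shown above with absolute paths. The function names `setup_certbot_dirs` and `is_private_dir` are hypothetical; the directory layout and cli.ini location are the ones from the reply.

```shell
#!/bin/sh
# Added example (not from the thread): prepare per-user Certbot directories.
# The config dir will hold account credentials and private keys, so every
# directory is created owner-only (0700) and checked before use.

# Succeeds only if $1 is a directory with no group/other permission bits.
is_private_dir() {
    [ -d "$1" ] || return 1
    # Characters 5-10 of the `ls -ld` mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Create config/work/logs under base dir $1 and write cli.ini to path $2.
setup_certbot_dirs() {
    base=$1
    ini=$2
    old_umask=$(umask)
    umask 077
    for d in "$base" "$base/config" "$base/work" "$base/logs"; do
        mkdir -p "$d" && chmod 700 "$d" || { umask "$old_umask"; return 1; }
    done
    mkdir -p "$(dirname "$ini")" || { umask "$old_umask"; return 1; }
    # Absolute paths, so nothing depends on how "~" is treated in the file.
    cat > "$ini" <<EOF
config-dir=$base/config
work-dir=$base/work
logs-dir=$base/logs
EOF
    umask "$old_umask"
    # Refuse to continue if any directory is readable by other users.
    for d in "$base/config" "$base/work" "$base/logs"; do
        is_private_dir "$d" || { echo "not private: $d" >&2; return 1; }
    done
}

# Usage: sh setup.sh run   (afterwards certbot can be run without sudo)
if [ "${1:-}" = "run" ]; then
    setup_certbot_dirs "$HOME/.certbot" "$HOME/.config/letsencrypt/cli.ini"
fi
```

The same `is_private_dir` check can be pointed at an existing directory to confirm it is not group- or world-accessible before backing it up.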

#3

Hello,

Thank you very much for your instructions.
Indeed, I tried "sudo certbot" and it seems to be working. I had to put in my domain name and my email address, but then the following error message appeared:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for ds214.a1ltb6olsn15ghov.myfritz.net
No vhost exists with servername or alias of:
ds214.a1ltb6olsn15ghov.myfritz.net (or it’s in a file with multiple
vhosts, which Certbot can’t parse yet). No vhost was selected.
Please specify ServerName or ServerAlias in the Apache config, or
split vhosts into separate files.
Falling back to default vhost *:443…
Unable to save files: . Attempted Save Notes: Added Listen 443
directive to /etc/apache2/httpd.conf
Cleaning up challenges

IMPORTANT NOTES:

  • If you lose your account credentials, you can recover through
    e-mails sent to office23@kratzmann.org.
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

What does this mean and how could we sort out this problem?

Best regards
Werner Kratzmann


#4

struggled and struggled. No idea why I didn’t run sudo… just… dumb.


#5

@bmw good explanation. Maybe we should improve the error message to suggest sudo as an alternative solution?

