Hi. I have installed Certbot through homebrew on my Mac (High Sierra) to get the certificate for a website hosted on a shared server where I can’t login to a root shell. I used “sudo certbot certonly --manual” and seemed to work but I had no permission to access the “/etc/letsencrypt/live” folder. I manually changed the permissions, so I could open it, but the .pem files had the arrow that “alias or shortcuts” files have and when I tried to open them I got an error message saying that the file was missing. I tried a few times with the same result. I checked https://crt.sh/ and the certificates were issued (which means that I burnt out the 5 certificates that “Let’s Encrypt” allow a week).
Any help would be apreciated. Thanks
My domain is: e4u-reports.com
I ran this command: sudo certbot certonly --manual
My web server is (include version): Shared Apache hosting
I can login to a root shell on my machine (yes or no, or I don’t know): No
Thanks for your answer sahsanu.
I did manually removed the previos certificates to start fresh.
After writing my last post I realised that the “/etc/letsencrypt/archive/” folder also had System access only. When I changed the permissions I could access the certificates. Even though I use an administrator account, Certbot created some folders that I can’t access unless I manually change the permissions manually. Those folders are: “accounts”, “archive”, “keys” and “live”. Is that normal? I am new to Certbot, so I wonder if there is something I didn’t set correctly to have this problem.
Yes, it is normal. certbot creates the dirs in a way that only "root" can access them to prevent any user in the system to be able to get your private keys. I don't use Mac so I've no idea what perms have an administrator account and how it differs from a system account so I can't help here but it is not a good idea to delete dirs/files nor change the perms inside /etc/letsencrypt/.
I understand. The problem is that I need to access the files to install the certificate on the server, but I guess I can just reset the permissions when I am done.