Certification Files Permission Denied

Hi Dears,

My domain is easybatch-qsi.maxmes.com.br.

I ran this command to install the certificate: sudo certbot certonly --standalone -d easybatch-qsi.maxmes.com.br

It produced this output: Successfully received certification

My web server is (include version): I don't have a web server, but an IIoT software called Node-Red, which allows HTTPS use.

The operating system my server runs on is (include version): Amazon Linux 2023

Problem:

The certificate was generated successfully. Then I pointed to fullchain.pem and privkey.pem in the appropriate parameters of the Node-Red configuration file. But when the program is executed, it shows the error message "permission denied, open '/etc/letsencrypt/live/easybatch-qsi.maxmes.com.br/fullchain.pem'".

I followed several recommendations about updating permissions with the chmod command, but without success.

Thanks,

Roberto

So the trick is to find out which user or group NodeRed is running as, then grant that user read permission on the folders (/etc/letsencrypt/live and /etc/letsencrypt/archive, as the files in live are symbolic links to the archive files).

Alternatively, get certbot to output the certificate files to a path that the node red user/group can already read.

3 Likes

Hi Christopher,

Thanks for your attention! I believe that you are all right. I'm new to Linux. I created an EC2 Amazon Linux instance in the AWS Console. Afterwards I got access using PutTY with a key generated by AWS. Within a PutTY session I installed Node-Red and generated the LetsEncrypt certificate.

But I see that something is wrong. I noticed that in the same session I can't copy a simple text file to a directory created with all permissions.

2 Likes

Off topic, but you may be interested to know PuTTY is capitalized the way it is.

TTY means TeleTYpe which has its origins in the teletypewriters that replaced Morse key operators in the telegraph system during the late 19th century. That same type of equipment found its way into computing as terminals in the mid 20th century.

As for your permissions issue...

You don't ever want to place a private key in a

It needs to be kept safe from everyone except extremely limited and authorized users.

This is why it was suggested to

One way of achieving that is to add the user to a group that already can access the folder, as long as it doesn't grant access to folders that the user should not be able to use.

If using the other suggestion of copying the files elsewhere (easily accomplished by calling a simple custom script with a deploy hook), you need to make sure that the private key is placed in a folder that is limited to access only by authorized user accounts such as the one your Node-Red runs as.

4 Likes
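The deploy-hook copy suggested in the post above, written out as an added example (not code from any poster in this thread). The service account `nodered` and the destination `/opt/nodered/certs` are assumed names; substitute whatever account Node-Red actually runs as.

```shell
#!/bin/sh
# Added example: certbot deploy hook that copies the renewed certificate and
# key into a directory readable only by the Node-Red service account.
# Assumed names (not from the thread): user/group "nodered", /opt/nodered/certs.
set -eu

# deploy_cert LINEAGE_DIR DEST_DIR OWNER GROUP
deploy_cert() {
    lineage=$1 dest=$2 owner=$3 group=$4

    # Stop before touching the destination if either file is unreadable, so
    # the service is never left with a mismatched certificate and key.
    for f in fullchain.pem privkey.pem; do
        [ -r "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done

    # 0750: owner has full access, group may list and read, others get nothing.
    install -d -m 0750 -o "$owner" -g "$group" "$dest"

    # install reads through the live/ symlinks and writes regular files with
    # the given mode and owner. Copy under a temporary name, then rename, so
    # a reader never opens a half-written file.
    install -m 0644 -o "$owner" -g "$group" "$lineage/fullchain.pem" "$dest/fullchain.pem.new"
    install -m 0600 -o "$owner" -g "$group" "$lineage/privkey.pem" "$dest/privkey.pem.new"
    mv -f "$dest/fullchain.pem.new" "$dest/fullchain.pem"
    mv -f "$dest/privkey.pem.new" "$dest/privkey.pem"
}

# certbot sets RENEWED_LINEAGE (the /etc/letsencrypt/live/<domain> directory)
# when it runs a deploy hook; without it this script only defines the function.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "${DEST_DIR:-/opt/nodered/certs}" \
        "${SVC_USER:-nodered}" "${SVC_GROUP:-nodered}"
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, certbot runs it as root after each successful renewal, and the Node-Red configuration then points at the copies instead of /etc/letsencrypt/live. The private key stays mode 0600 and owned by the service account, so /etc/letsencrypt itself keeps its default root-only permissions.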

Christopher, the problem was solved with your suggestion to copy the key certificate files to a directory with permissions where I was running Node-Red. But I also see that another solution without copying would be running Node-Red as the root user.

Thank you very much,

Roberto

4 Likes

I'm not sure that's such a wise option.

1 Like