CertSage ACME client (version 1.0.0) - easy webpage interface, no commands to type, root not required

@Usalabs, are you using any type of Panel at all?
If you have full control, you can just use a regular ACME client.

2 Likes

Access to my web server is direct via SSH PuTTY, and also I can use webmin if needed.

1 Like

@Usalabs, maybe you could elaborate more on the exact situation you are trying to test out...

Even the LE staging environment requires a valid FQDN.
The client would have to support the use of a private CA to pass your test (as I understand it thus far).

2 Likes

Since the mkdir is called from (a subfunction of) the class constructor from line 278 (on line 34), if it fails, the object itself won't be created, hence the undefined certsage object on line 980 and the subsequent missing version property (of the nonexistent object) on line 980.

All this simply means that whatever context from which you're running PHP has insufficient permission to create the data directory. You can easily modify the data directory's location using the variable that @rg305 referenced on line 15 to somewhere with appropriate permissions for PHP to use.

2 Likes

I would try:
$dataDirectory = "~/CertSage";

2 Likes

I'm trying to test out the initial working of the script, so that if I deploy it to a live site, it would work as expected, I do this to all scripts, even HTML code, and one of the commands issued by the script is to create a directory 1 level below the web root, which for some reason is denied, which means if I deploy it to a live site, then I would also get that same error.

The only difference between the test bed and my live site is the domain name, live site uses an FQDN, and the test bed uses an internal DNS name, but they are both the same OS and configs are the same, for Apache and PHP, which means when I test something on the test bed and as long as it doesn't need a configuration file that uses an FQDN, and errors show up, the same errors will present themselves on a live site.

1 Like

I do understand you; and the very first line of my very first response to you was in the direction of changing the installation path.

2 Likes

Do you mean the script install path or LetsEncrypt install path? If it's the php script, then the install path would be /var/www/html or the binary of letsencrypt is at /usr/bin/letsencrypt

1 Like

The default location of the data directory of CertSage is configured for cPanel users where the user's account directory sits directly above public_html. Admittedly, I did try to use several of PHP's inbuilt environment variables to deduce the location of the user's directory. Unfortunately, that information is not available from a web context. Hence, I needed to make a static assumption. After adding the security code to prevent malicious use of CertSage by bad actors through the public web, I actually can add an input for the data directory upon initial creation. Something to consider going forward.

2 Likes

What binary? CertSage doesn't need any binaries outside the standard PHP libraries.

2 Likes

Woah there nellie lol, I think we may have wires crossed, if I read your reply right, you're assuming I have CertSage installed as a package, right?

1 Like

Just checking, you know CertSage is an alternative acme client for people who can't use certbot etc.

3 Likes

There is no package. It's a single, standalone PHP script.

2 Likes

This is correct. :slightly_smiling_face:

2 Likes

I just didn't know what you have a letsencrypt path for.

2 Likes

Hmm, then I really don't understand why it's not working right, as far as wanting to create a data directory at /var/www if the php script is at /var/www/html

Just to check, what permissions is the script expecting and what user should be running it? All my web files are root:root but some are www-data:www-data

1 Like

It's likely that your PHP (in a browser context) doesn't have access to /var/www. You are free to modify the line 15 data directory to anywhere you like though. That's why I put it at the top of the code. :slightly_smiling_face:

2 Likes

Apparently the web service/PHP doesn't have rights to the folder above "html".
Neither should it ever have it.
This is designed to be contained to a specific user.
If it could step up, then it could go elsewhere too!

2 Likes
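
A preflight check for the situation discussed above, as an added example that is not part of CertSage or of any post in this thread: served through the web server rather than run from the CLI, it reports whether PHP in that context could create a data directory at each candidate path, and it rejects paths inside the document root. The function name and the candidate paths are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example, not CertSage code. Returns [bool $ok, string $reason].
function checkDataDirectory(string $dir, string $docRoot): array
{
    // PHP passes "~" to the OS literally; only an absolute path is unambiguous.
    if ($dir === '' || $dir[0] !== '/') {
        return [false, 'not an absolute path'];
    }
    // mkdir() needs write access to the nearest ancestor that already exists.
    $existing = $dir;
    while (!file_exists($existing) && $existing !== '/') {
        $existing = dirname($existing);
    }
    $real = realpath($existing);
    if ($real === false) {
        return [false, "cannot resolve $existing (open_basedir or permissions)"];
    }
    // Rebuild the target on the resolved ancestor so a symlink cannot hide where it lands.
    $rest = ltrim((string) substr($dir, strlen($existing)), '/');
    $target = rtrim(rtrim($real, '/') . '/' . $rest, '/');
    $root = realpath($docRoot);
    // Account keys and certificates must not sit where the web server can serve them.
    if ($root !== false && strpos($target . '/', rtrim($root, '/') . '/') === 0) {
        return [false, 'inside the document root, keys could be served publicly'];
    }
    if (!is_dir($real) || !is_writable($real)) {
        return [false, "PHP cannot create entries in $real"];
    }
    return [true, "parent $real is writable; create $target with mode 0700"];
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}
$docRoot = !empty($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '/var/www/html';
$candidates = [                       // constructed sample paths
    dirname($docRoot) . '/CertSage',  // layout the thread describes: directly above the web root
    $docRoot . '/CertSage',
    '~/CertSage',
    '/var/lib/certsage-data',
];
$uid = function_exists('posix_geteuid') ? posix_geteuid() : 'unknown';
echo "PHP effective uid: $uid, document root: $docRoot\n";
foreach ($candidates as $dir) {
    [$ok, $reason] = checkDataDirectory($dir, $docRoot);
    printf("%-28s %s: %s\n", $dir, $ok ? 'OK  ' : 'FAIL', $reason);
}
```

The result depends on the user the web server's PHP runs as, so the same file can report differently from the CLI and from a browser request.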

Not many people have tried CertSage in this type of setup before, so I'm glad to hear what's happening. Admittedly, the data directory location has been a pain throughout the design process since the web context is so restrictive for security reasons.

2 Likes

Exactly. That's the pain of working in the browser context. PHP won't even tell you where you are. :grin:

2 Likes