Error in issuing certificates with kelunik/acme-client on Hostinger

Hi,

I have a "Business" shared hosting plan from Hostinger.
It offers the possibility to setup up to 100 websites, but unfortunately only 1 Let's Encrypt certificate :anguished:

So I try to follow the tutorial they published from 2015 to 2017, before they removed it when they started to charge their automated procedure.

This procedure uses kelunik / acme-client (PHP).

The first steps are working fine:

  • Connection in SSH
  • kelunik/acme-client cloning
  • Downloading and installing composer
  • Registering with Let's Encrypt (just add "--agree-terms" in the command to make it work)

But I have an error with the last step, Step 3, with the process of generating the SSL certificate.
This command...
php bin/acme issue --domains mydomain.com:www.mydomain.com --path /home/u000000093/domains/mydomain.com/public_html:/home/u000000093/domains/mydomain.com/public_html --server letsencrypt

...generates this error message:

Amp\Parallel\Worker\TaskFailureException:
 Uncaught Amp\File\FilesystemException in worker with message "Failed to
 change owner for 
'/home/u000000093/acme-client/data/certs/acme-v02.api.letsencrypt.org.directory/mydomain.com/key.pem':
 chown(): Operation not permitted" and code "0"; use 

Amp\Parallel\Worker\TaskFailure Exception::getOriginalTrace() for the 
stack trace in the worker in 
/home/u000000093/acme-client/vendor/amphp/parallel/lib/Worker/Internal/TaskFailure.php:63Next
 Amp\File\FilesystemException: The file operation failed in 
/home/u000000093/acme-client/vendor/amphp/file/src/Driver/ParallelDriver.php:132Next

Kelunik\AcmeClient\Stores\KeyStoreException: Could not save key: The 
file operation failed in 
/home/u000000093/acme-client/src/Stores/KeyStore.php:54

It seems related to "Failed to change owner" for the "key.pem" file. "Operation not permitted".
Of course, as I'm on a shared hosting, I can't log with the "root" account.
But I don't think it's required as this exact same procedure, written by Hostinger, was working perfectly fine without.

At last FYI, in the command processing log, before the error message we can see 2 times 3 certificates and at least a first "key.perm" file is generated. But the certificate it contains is none of the 3 we can see in the log.

Any idea? :-/

Thanks!

P.S.: I've tried to contact kelunik (post a message on the dedicated blog page) but so far got no answer.
P.S.2: I'm not trying to contact Hostinger at this stage as they already declined giving support to this procedure in the past, since they sell an automated one (cf. 4th last comment below the Hostinger procedure).

1 Like

Hi @FTP, and welcome to the LE community forum :slight_smile:

I can't say that I'm familiar with this ACME client...
But I do find some things odd and wondered if you could test a bit.
I looked for "chown" in the source code but did not find it :frowning:
I assume you have the latest client (0.2.14).
As a test, please try:

php bin/acme issue \
--domains mydomain.com:www.mydomain.com \
--path home/u000000093:/home/u000000093  \
--server letsencrypt
1 Like

Here you go:

is called which is calling a changeowner() function here:

2 Likes

By the way, other ACME clients not requireing root such as getssl should also work. Maybe @griffin s PHP client might also work? Perhaps even with cPanel integration @griffin ?

2 Likes

Certainly possible. I haven't integrated the cPanel piece into the totally revamped 1.0.0 code yet. I should be releasing 1.0.0 by tomorrow.

Sorry for the late reply and thanks for all your answers!

No, I have the 1.0.0 Beta 1, the one currently automatically cloned.

Nope, doesn't work:
Kelunik\AcmeClient\Stores\ChallengeStoreException: Document root doesn't exist: 'home/u000000093' in /home/u952100093/acme-client/src/Stores/ ChallengeStore.php:25

We're supposed to set the path up until the website root folder.

It looks like the issue was already discussed 5 years ago and is supposed to be fixed:

Well, I'm first trying to fix this issue as this procedure/tool was the official Hostinger procedure/tool.
But indeed, if I can't fix it, I may look for other clients.

2 Likes

I guess it did not fix it in the end.. Maybe you can edit the script yourself and fix it though :slight_smile:

2 Likes

You should know that, in general, adding another ACM client won't require the removal of any existing ones.
So you can try as many as you like ... until you find one that works!
[without having to remove any of them - until you decide to do so]

1 Like

Maybe. I've opened a new ticket, I'll see if the author is reactive.

Not sure I have the skills to fix it myself :blush:

1 Like

I think that in the file Stores/KeyStore.php the line:

                yield File\changeOwner($file, 0600);

should be:

                yield File\changePermissions($file, 0600);

Using the value "0600" does not make any sense for changeOwner, as the value should be a user ID in that case. "0600" looks like a file permission in octal format.

You can see clearly in the following modification from about a month ago, it was incorrectly changed:

From chmod to changeOwner... Which is incorrect obviously.

4 Likes

Unless "0600" is the userID - LOL

You're right, of course!

1 Like

Of course I am. :wink: :stuck_out_tongue:

2 Likes

I confirm, you're right! :grinning_face_with_smiling_eyes:

I changed the function in the PHP file and I could issue the certificate!
Thanks for your support, I saved time! :+1: :grinning:

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.