I have a "Business" shared hosting plan from Hostinger.
It offers the possibility to setup up to 100 websites, but unfortunately only 1 Let's Encrypt certificate
So I try to follow the tutorial they published from 2015 to 2017, before they removed it when they started to charge their automated procedure.
This procedure uses kelunik / acme-client (PHP).
The first steps are working fine:
Connection in SSH
kelunik/acme-client cloning
Downloading and installing composer
Registering with Let's Encrypt (just add "--agree-terms" in the command to make it work)
But I have an error with the last step, Step 3, with the process of generating the SSL certificate.
This command... php bin/acme issue --domains mydomain.com:www.mydomain.com --path /home/u000000093/domains/mydomain.com/public_html:/home/u000000093/domains/mydomain.com/public_html --server letsencrypt
...generates this error message:
Amp\Parallel\Worker\TaskFailureException:
Uncaught Amp\File\FilesystemException in worker with message "Failed to
change owner for
'/home/u000000093/acme-client/data/certs/acme-v02.api.letsencrypt.org.directory/mydomain.com/key.pem':
chown(): Operation not permitted" and code "0"; use
Amp\Parallel\Worker\TaskFailure Exception::getOriginalTrace() for the
stack trace in the worker in
/home/u000000093/acme-client/vendor/amphp/parallel/lib/Worker/Internal/TaskFailure.php:63Next
Amp\File\FilesystemException: The file operation failed in
/home/u000000093/acme-client/vendor/amphp/file/src/Driver/ParallelDriver.php:132Next
Kelunik\AcmeClient\Stores\KeyStoreException: Could not save key: The
file operation failed in
/home/u000000093/acme-client/src/Stores/KeyStore.php:54
It seems related to "Failed to change owner" for the "key.pem" file. "Operation not permitted".
Of course, as I'm on a shared hosting, I can't log with the "root" account.
But I don't think it's required as this exact same procedure, written by Hostinger, was working perfectly fine without.
At last FYI, in the command processing log, before the error message we can see 2 times 3 certificates and at least a first "key.perm" file is generated. But the certificate it contains is none of the 3 we can see in the log.
Any idea? :-/
Thanks!
P.S.: I've tried to contact kelunik (post a message on the dedicated blog page) but so far got no answer.
P.S.2: I'm not trying to contact Hostinger at this stage as they already declined giving support to this procedure in the past, since they sell an automated one (cf. 4th last comment below the Hostinger procedure).
I can't say that I'm familiar with this ACME client...
But I do find some things odd and wondered if you could test a bit.
I looked for "chown" in the source code but did not find it
I assume you have the latest client (0.2.14).
As a test, please try:
By the way, other ACME clients not requireing root such as getsslshould also work. Maybe @griffin s PHP client might also work? Perhaps even with cPanel integration @griffin ?
We're supposed to set the path up until the website root folder.
It looks like the issue was already discussed 5 years ago and is supposed to be fixed:
Well, I'm first trying to fix this issue as this procedure/tool was the official Hostinger procedure/tool.
But indeed, if I can't fix it, I may look for other clients.
You should know that, in general, adding another ACM client won't require the removal of any existing ones.
So you can try as many as you like ... until you find one that works!
[without having to remove any of them - until you decide to do so]
I think that in the file Stores/KeyStore.php the line:
yield File\changeOwner($file, 0600);
should be:
yield File\changePermissions($file, 0600);
Using the value "0600" does not make any sense for changeOwner, as the value should be a user ID in that case. "0600" looks like a file permission in octal format.
You can see clearly in the following modification from about a month ago, it was incorrectly changed:
From chmod to changeOwner... Which is incorrect obviously.
