I am setting matrix-homeserver on cloud and need to encrypt the domain name but its throwing an error . I am following uplcloud post (https://www.upcloud.com/support/install-matrix-synapse/) and on the step 6.(My vm is on azure , Ubuntu 17.04)
But i am getting this error(Access Denied). I have re setup several time… and have opened all the required ports… like 8448,8008,443.

File /etc/letsencrypt/live/matrix.domain.com/cert.pem config for tls_certificate doesn't exist. Try running again with --generate-config. Error Starting (Exit code: 1); See above for logs

But when i check with

sudo ls /etc/letsencrypt/live/matrix.domain.com

it shows:

cert.pem chain.pem fullchain.pem privkey.pem Readme

cert.pm seems to be a typo. The correct name for this file should be cert.pem. (PEM is a file format for cryptographic keys and certificates, which originally stood for “privacy-enhanced mail”.)

If you didn’t provide that filename anywhere, this is probably a bug in other software that you’re using (maybe the matrix-homeserver software itself?).

@schoen Sorry i made a typo while writing here. I m executing the command with cert.pem only.

Can you cat that file? Does it contain a certificate?

Yes i just did and it contains the certificate in the format

----Begin Certificate----
certificate
----End Certificate----

@schoen

Sounds like a Matrix bug to me, then! (Apparently you got the certificate just fine but it’s not willing to actually use it.) I’m not sure if anyone on this forum is familiar with that software, unfortunately.

Ohh … actually Both cloud and matrix is not my specialisation, i am a front-end guy. So, i was just wondering, can it be an issue related to permission or a cloud issue like i am using Azure.? @schoen

Well, you could run ls -l on the file to see the permissions. Perhaps the file isn’t readable to the user Matrix is running under.

@schoen thanks for that… I checked that and it showing that i have root access on that … But i am the admin user … i have the sudo privilege but still i don’t know whats wrong with this thing.

You might want to look for another forum where people will be more familiar with the specific software that you’re using. I just doubt anyone else here is familiar with matrix-homeserver.

Edit: or, at least put it in the title of the topic here to see if it attracts anyone’s attention.

Sure … I also think i need to look for another forum. I previously thought it can be related to letsencrypt. But i highly appreciate support that i have got today. So,quick. Thanks a lot once again

Just because you’re root doesn’t mean the software you’re running is.

If you run getent passwd on the machine in question, do you see a user account entry that looks like it could for your matrix software?

If so, try giving it read permissions. You can use ACLs to give that user account extra access without messing up your existing permissions / anything else:

setfacl -Rm 'u:<username>:rX,d:u:<username>:rX' /etc/letsencrypt/live

Replace <username> with the username you found in the previous step. (EDIT: the previous version of this command didn’t allow to list the contents of directories.)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.