However, when I attempt the process I get the following:
Error while running nginx -c /etc/nginx/nginx.conf -t.
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
nginx: [emerg] BIO_new_file("/etc/letsencrypt/live/[myDir]/fullchain.pem") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/letsencrypt/live/[myDir]/fullchain.pem','r') error:2006D002:BIO routines:BIO_new_file:system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
Has anyone successfully done this before? What's the strategy here?
I believe the actual error from the four lines of logs is the third line; you’ll need to give your user permission to access the /etc/letsencrypt/ folder so it can get all the certificate files.
Also, on the second line, the warning simply means you don’t need the user directive since you aren’t running nginx as a root / sudo user.
P.S. If you are using certbot, it’s actually intended to run as root / super user, and you might be able to use acme.sh or something similar to run certificate issuance / renewals without super user / root access (if the program has permission to access all the folders it needs).
Thanks for the reply. You are right that I need to give the user access - I actually did, but for some reason it kept saying that error :/.
Regardless, I am looking for some high level guidance here. So I appreciate the note on certbot being intended for root. I will investigate acme.sh. Thank you.
Keeping this open to hear if others have implemented a satisfactory solution in the past.
Certbot indeed requires root/sudo access. So I switched to acme.sh and use the webroot method. Works great.
Essentially I:
1.) created non root user
2.) gave user specific access to run certain commands
3.) installed acme.sh
4.) issued new certs using webroot method
5.) Switched nginx config to use new certs
If you have questions about my implementation you can reach me at clayton@cloudpano.com or by checking out my 360 virtual tour software which uses these certs. Happy to help. Thanks and all the best.
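For the "Permission denied" on fullchain.pem discussed earlier in the thread, the following added example (not code from any poster) lists every path component whose mode bits deny access to a user who is neither the owner nor in the group. Certbot's live/ entries are symlinks into archive/, so both the literal path and the resolved target are walked. The function names are hypothetical, and ACLs and group membership are not considered.

```shell
#!/bin/sh
# Added example: find which directory or file on the way to a certificate
# denies access to an unrelated ("other") non-root user. Run it as a user
# that can already stat the whole tree (for example root).
# Usage: blocked_components /etc/letsencrypt/live/<name>/fullchain.pem

# Print the three "other" permission characters of PATH, e.g. "r-x".
# -L follows symlinks so the target's mode is inspected, not the link's.
other_perms() {
    ls -ldL -- "$1" | cut -c8-10
}

# blocked_components FILE [STOP_DIR]
# Walks upward from FILE and from its symlink-resolved target until
# STOP_DIR (exclusive, default /). Prints each component that "other"
# cannot read (the file) or traverse (a directory).
# Returns 0 if nothing is blocked, 1 if something is, 2 if FILE is missing.
blocked_components() {
    stop=${2:-/}
    [ -e "$1" ] || return 2
    target=$(readlink -f -- "$1") || return 2
    out=$(
        for start in "$1" "$target"; do
            # The file itself needs the read bit.
            case $(other_perms "$start") in
                (r??) ;;
                (*) echo "$start" ;;
            esac
            # Every parent directory needs the traverse (x) bit;
            # "t" is sticky plus x, as on /tmp.
            dir=$(dirname -- "$start")
            while [ "$dir" != "$stop" ] && [ "$dir" != / ]; do
                case $(other_perms "$dir") in
                    (??[xt]) ;;
                    (*) echo "$dir" ;;
                esac
                dir=$(dirname -- "$dir")
            done
        done | sort -u
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

An empty result only means the mode bits allow access; a mandatory access control policy or an ACL can still deny the read.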