Losing permissions to the certificates after PC restart

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: pabloware.cc

I ran this command: Opening my server's .exe

It produced this output: Error: Couldn't access TLS certificate "C:\Certbot\live\www.pabloware.cc\fullchain.pem"

Caused by:
Access is denied. (os error 5)

My web server is (include version): Miniserve 0.22.0

The operating system my web server runs on is (include version): Windows 10 Pro 22H2

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don't know): I don't know, it's Windows.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.1.0

Basically, when I generate the certificate and input it into the app that uses it, it works just fine, however, when I restart my PC the app loses permissions to the file so it can't start.

Hi @rtkpX, and welcome to the LE community forum :slight_smile:

If you can't make the file permissions permanent, maybe you can copy the files to another location where the app does have access.
Note: If that works, you will have to do that every time the cert is renewed.


Can't because the certificates are not files, they are shortcuts and I can't access the original files since when I click "open file location" it does nothing.

You need to understand how links/shortcuts work.
If you use "copy" form a "command prompt" it should "work".


This seems to be common for certbot on Windows and is caused by the files being symbolic links to the real files which are in turn permissioned to the user that certbot ran as (Administrator). I think you can set the permissions on the files in C:\Certbot\archive so they are all readable by whatever user needs them (e.g. the account used by your server exe).


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.