I'm running WordPress & LAMP stack on Ubuntu 20.04 on Oracle OCI.
Certs installed without any issues (certbot 0.40.0).
Just to check all was clean, I installed the Really Simple SSL plugin in WordPress.
This plugin is giving me the following warning:
Your Key and Certificate directories are not properly protected. For more information, please read this article
The article goes on to state....
this warning occurs when your SSL certificate files aren’t protected. This happens when Really Simple SSL has created an ssl/certs and ssl/keys directory in your websites root folder. The public certificate (.crt) being available is not an issue, it’s the private key (.key) file that needs to be protected. To fix this issue, you can modify the file permissions to 644 for the .crt file and 600 for the .key file. You might have to ask your hosting provider to do this for you. Once this has been done, you can safely dismiss the notice.
I believe the Key & Certs are in the /etc/letsencrypt/live/domain_name directory.
I checked the permissions in this directory. It's 777 on all files, which seems inappropriate. However, the files themselves appear to be symbolic links, rather than files.
root@webserver:/etc/letsencrypt/live/domain_name# ls -al
total 12
drwxr-xr-x 2 root root 4096 Mar 21 02:39 .
drwx------ 3 root root 4096 Mar 21 02:39 ..
-rw-r--r-- 1 root root 692 Mar 21 02:39 README
lrwxrwxrwx 1 root root 35 Mar 21 02:39 cert.pem -> ../../archive/domain_name/cert1.pem
lrwxrwxrwx 1 root root 36 Mar 21 02:39 chain.pem -> ../../archive/domain_name/chain1.pem
lrwxrwxrwx 1 root root 40 Mar 21 02:39 fullchain.pem -> ../../archive/domain_name/fullchain1.pem
lrwxrwxrwx 1 root root 38 Mar 21 02:39 privkey.pem -> ../../archive/domain_name/privkey1.pem
I subsequently checked the permissions of the files the above links are linking to.
root@webserver:/etc/letsencrypt/archive/domain_name# ls -al
total 28
drwxr-xr-x 2 root root 4096 Mar 21 02:39 .
drwx------ 3 root root 4096 Mar 21 02:39 ..
-rw-r--r-- 1 root root 1834 Mar 21 02:39 cert1.pem
-rw-r--r-- 1 root root 3750 Mar 21 02:39 chain1.pem
-rw-r--r-- 1 root root 5584 Mar 21 02:39 fullchain1.pem
-rw------- 1 root root 1704 Mar 21 02:39 privkey1.pem
Looking at the above files while referring to the initial warning I received...
It seems that the private key (privkey1.pem) is at 600 which seems appropriate. Everything else (cert1.pem, chain1.pem, fullchain1.pem) is at 644 which also seems appropriate.
So does anyone know why the Very Simple SSL Plugin gives this warning? Or am I missing something obvious?
Any and all advice appreciated.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
Server version: Apache/2.4.41 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
Oracle OCI
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
OCI Console
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0
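
An added example, not part of the original post: one way to audit the permissions that actually apply in a certbot `live` directory, by comparing each symlink's own mode with the mode of the file it resolves to. The function names are hypothetical, and the sample tree is constructed to mirror the listing above with placeholder file contents.

```python
import os
import stat
import tempfile

def audit_pem_dir(directory):
    """Return one finding per *.pem entry, judged on the symlink target's mode."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".pem"):
            continue
        path = os.path.join(directory, name)
        # lstat() reports the link itself; Linux ignores those bits for access checks.
        link_mode = stat.S_IMODE(os.lstat(path).st_mode)
        # stat() follows the link, so this is the mode that governs access.
        target_mode = stat.S_IMODE(os.stat(path).st_mode)
        is_key = name.startswith("privkey")
        # Private key: no group/other bits at all (600 or stricter).
        # Certificates are public: only group/other write access is a problem.
        too_open = bool(target_mode & (0o077 if is_key else 0o022))
        findings.append({"name": name, "target": os.path.realpath(path),
                         "link_mode": link_mode, "target_mode": target_mode,
                         "too_open": too_open})
    return findings

def build_sample_tree(root, key_mode=0o600):
    """Constructed sample: archive/ holds the files, live/ holds relative symlinks."""
    archive = os.path.join(root, "archive", "domain_name")
    live = os.path.join(root, "live", "domain_name")
    os.makedirs(archive)
    os.makedirs(live)
    modes = (("cert", 0o644), ("chain", 0o644),
             ("fullchain", 0o644), ("privkey", key_mode))
    for base, mode in modes:
        target = os.path.join(archive, base + "1.pem")
        with open(target, "w") as fh:
            fh.write("constructed placeholder, not real key material\n")
        os.chmod(target, mode)
        os.symlink(os.path.join("..", "..", "archive", "domain_name", base + "1.pem"),
                   os.path.join(live, base + ".pem"))
    return live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in audit_pem_dir(build_sample_tree(tmp)):
            verdict = "TOO OPEN" if f["too_open"] else "ok"
            print(f'{f["name"]:14} link={f["link_mode"]:03o} '
                  f'target={f["target_mode"]:03o} {verdict}')
```

To run it against a real host, call `audit_pem_dir("/etc/letsencrypt/live/domain_name")` as root, since the parent directory is mode 700.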