Shoutcast access to letsencrypt certs

Normally that should be fullchain.pem not just cert.pem

Without fullchain your server does not send the matching intermediate cert. This may prevent browsers from treating it as a trusted connection.

2 Likes

Sorry, I got that from someone else. 644 would be a better idea?

Thanks for the recommendation. Changed that and it's still working after server restart

1 Like

Hi @MattMski,

Mine are -rw------- which is 600 for Private Keys, you do not want just anyone to be able to read the Private Keys!

Ok, had to add my user to be able to do sudo, then did as you suggested, but I still get the same thing. Is there a way to verify this shoutcast user has the permissions now?

Should I change that from 0755 to 600 as suggested?

Make sure you did both live and archive directories.

If you want to verify, ls -l /etc/letsencrypt/live/domain.net/privkey.pem

It'll either show you the files or permission denied

Yes, I did both but if I try the ls -l /usr/local/psa/var/modules/letsencrypt/etc/live/rock101klol.com/ it returns:
shoutcast.2.6.1.777]$ ls -l /usr/local/psa/var/modules/letsencrypt/etc/live/rock101klol.com/
ls: cannot access /usr/local/psa/var/modules/letsencrypt/etc/live/rock101klol.com/: Permission denied

If I use: sudo ls -l /usr/local/psa/var/modules/letsencrypt/etc/live/rock101klol.com/
It lists the files.

You want to have eXecute on the directories, but you don't need it on the files.

I'd like the third number to be zero, but that will break your system if you run shoutcast as another user. This is one of the reasons nginx and apache usually start as root and then drop privileges.

You can also use a deploy hook to copy and chown fullchain and key.

2 Likes
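To illustrate the deploy-hook approach from the reply above (and the fullchain-vs-cert point at the top of the thread), here is an added example script; it is not from the thread or from any Let's Encrypt or Shoutcast project. It assumes a service user named "shoutcast", a destination directory /etc/shoutcast/tls and a systemd unit called "shoutcast", none of which the thread states. Certbot does set RENEWED_LINEAGE to the live/<domain> directory when it runs a deploy hook, so the copy happens on every renewal while /etc/letsencrypt itself stays root-only (directories 0700, keys 0600, "third number zero").

```shell
#!/bin/sh
# Added example, not from the thread: certbot deploy hook that copies the
# renewed fullchain.pem and privkey.pem into a directory owned by the
# shoutcast user, so /etc/letsencrypt can stay readable by root only.
# Assumed names: user "shoutcast", /etc/shoutcast/tls, systemd unit "shoutcast".
set -eu

SHOUTCAST_USER="${SHOUTCAST_USER:-shoutcast}"
DEST_DIR="${DEST_DIR:-/etc/shoutcast/tls}"

# cert_count PEM_FILE -> number of certificates in the file.
# fullchain.pem should hold at least two (leaf + intermediate); cert.pem holds one,
# which is why a server pointed at cert.pem sends no intermediate.
cert_count() {
    grep -c 'BEGIN CERTIFICATE' "$1" || true
}

# copy_certs LINEAGE_DIR DEST_DIR OWNER
# Copies fullchain.pem (0644, it is public) and privkey.pem (0600, secret) into
# DEST_DIR, which gets 0750 so only its owner can enter it. Files are written
# under temporary names and renamed so a reader never sees a half-written key.
# chown needs root, so ownership is only changed when running as root.
copy_certs() {
    lineage="$1"; dest="$2"; owner="$3"
    [ -r "$lineage/fullchain.pem" ] || { echo "missing $lineage/fullchain.pem" >&2; return 1; }
    [ -r "$lineage/privkey.pem" ]   || { echo "missing $lineage/privkey.pem" >&2; return 1; }
    if [ "$(cert_count "$lineage/fullchain.pem")" -lt 2 ]; then
        echo "warning: $lineage/fullchain.pem has fewer than two certificates; is it really the full chain?" >&2
    fi
    mkdir -p "$dest"
    chmod 0750 "$dest"
    install -m 0644 "$lineage/fullchain.pem" "$dest/fullchain.pem.tmp"
    install -m 0600 "$lineage/privkey.pem"   "$dest/privkey.pem.tmp"
    mv "$dest/fullchain.pem.tmp" "$dest/fullchain.pem"
    mv "$dest/privkey.pem.tmp"   "$dest/privkey.pem"
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$dest"
    fi
}

# file_mode PATH -> octal permission bits such as 600 (GNU stat first, BSD fallback)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Only act when certbot invoked us as a deploy hook.
if [ "${RENEWED_LINEAGE:-}" ]; then
    copy_certs "$RENEWED_LINEAGE" "$DEST_DIR" "$SHOUTCAST_USER"
    systemctl restart shoutcast   # assumed unit name
fi
```

Register it once with `certbot renew --deploy-hook /path/to/this-script.sh` (or drop it into /etc/letsencrypt/renewal-hooks/deploy/), point Shoutcast at /etc/shoutcast/tls/fullchain.pem and privkey.pem, and verify as the service user with `sudo -u shoutcast cat /etc/shoutcast/tls/privkey.pem > /dev/null`: a silent exit means the permissions are right, "Permission denied" means a directory on the path still lacks the execute bit or the file is not owned by that user.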

So:

sudo chmod +x /usr/local/psa/var/modules/letsencrypt/etc/live/rock101klol.com/
sudo chmod +x /usr/local/psa/var/modules/letsencrypt/etc/archive/rock101klol.com/
sudo chmod -R 0600 /usr/local/psa/var/modules/letsencrypt/etc/live/rock101klol.com/
sudo chmod -R 0600 /usr/local/psa/var/modules/letsencrypt/etc/archive/rock101klol.com/

But why doesn't it seem to be working? I still cannot view these directories. It's still not working.

There's a lot we don't know about your setup, like what's your acme client and what user it runs as.

I know nothing about plesk and the assumptions it makes.

1 Like