Unable to generate cert - acme.sh/certbot on ghost installation

Tommy3 · March 1, 2019, 6:01pm

I have a ghost blog installation on Ubuntu 16.04 and while trying to generate a cert for my subdomain with acme.sh which is tied with nginx and my ghost installation through ghost-cli, when I installed my blog it allowed me to auto-generate a certificate automatically for my main domain which I would use on my blog.

I wasn’t able to install acme.sh issuing the following commands:

curl https://get.acme.sh | sh

Output:

Installing to /etc/letsencrypt
cp: cannot create regular file '/etc/letsencrypt/acme.sh': Permission denied
Install failed, can not copy acme.sh

I tried issuing commands and it doesn’t work with sudo (sudo: acme.sh: command not found) or if running as root (bash: acme.sh: command not found.)

And if I run any command without sudo or root it just states permission denied.

/etc/letsencrypt/acme.sh: line 1951: /etc/letsencrypt/mysub.domain.com/mysub.domain.com.conf: Permission denied
/etc/letsencrypt/acme.sh: line 3219: /etc/letsencrypt/ca/acme-v01.api.letsencryp     t.org/account.key: Permission denied
cat: /etc/letsencrypt/ca/acme-v01.api.letsencrypt.org/account.key: Permission denied

I installed Certbot, but it has the same issue, permission denied

Any ideas on how I should get this to work? Been at this for several days already because I need my subdomain with HTTPS for a plugin to function.

Osiris · March 1, 2019, 6:09pm

Are you running the commands as root?

Tommy3 · March 1, 2019, 6:56pm

As sudoer, root and normal user. I mentioned the errors I get in the OP when running with the aforementioned:

(sudo: acme.sh: command not found) or if running as root (bash: acme.sh: command not found.)

_az · March 1, 2019, 7:56pm

This seems like a bug with ghost-cli, if anything.

acme.sh does not touch anything in /etc/ unless it is instructed to - its defaults are totally non-privileged: $HOME/.acme.sh/ . I would guess that ghost-cli is nominating another location but not dealing with privilege level properly.

It might be worth cross-posting your question to the Ghost/ghost-cli issue tracker or discussion forum.

Tommy3 · March 1, 2019, 7:58pm

I thought it was a bug as well and reported this to ghost and they quickly dismissed it as a bug.

_az · March 1, 2019, 7:59pm

Could you link to your report? We can try to look at how it’s calling acme.sh.

Tommy3 · March 1, 2019, 10:42pm

I grabbed the errors that could shed light on how it can access acme.sh.

Message: Command failed: /bin/sh -c sudo -S -p ‘#node-sudo-passwd#’ /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain example.com --webroot /var/www/ghost/system/nginx-root --reloadcmd “nginx -s reload” --accountemail domain@example.com
#node-sudo-passwd#

Error occurred running command: '/bin/sh -c /home/<user>/.acme.sh/acme.sh --issue --domain <domain> --webroot /var/www/<ghost install folder>/system/nginx-root --accountemail <email>'

/bin/sh -c /usr/bin/nodejs /usr/lib/node_modules/ghost-cli/node_modules/.bin/greenlock certonly --agree-tos --email <email> --webroot --webroot-path /var/www/test-ghost-2/root --config-dir /etc/letsencrypt --domains <domain> --server https://acme-v01.api.letsencrypt.org/directory'

rg305 · March 2, 2019, 6:10pm

Looks like two different locations...

system · April 1, 2019, 6:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.