Unable to generate cert - acme.sh/certbot on ghost installation


I have a ghost blog installation on Ubuntu 16.04 and while trying to generate a cert for my subdomain with acme.sh which is tied with nginx and my ghost installation through ghost-cli, when I installed my blog it allowed me to auto-generate a certificate automatically for my main domain which I would use on my blog.

I wasn’t able to install acme.sh issuing the following commands:

curl https://get.acme.sh | sh


Installing to /etc/letsencrypt
cp: cannot create regular file '/etc/letsencrypt/acme.sh': Permission denied
Install failed, can not copy acme.sh

I tried issuing commands and it doesn’t work with sudo (sudo: acme.sh: command not found) or if running as root (bash: acme.sh: command not found.)

And if I run any command without sudo or root it just states permission denied.

/etc/letsencrypt/acme.sh: line 1951: /etc/letsencrypt/mysub.domain.com/mysub.domain.com.conf: Permission denied
/etc/letsencrypt/acme.sh: line 3219: /etc/letsencrypt/ca/acme-v01.api.letsencryp     t.org/account.key: Permission denied
cat: /etc/letsencrypt/ca/acme-v01.api.letsencrypt.org/account.key: Permission denied

I installed Certbot, but it has the same issue, permission denied

Any ideas on how I should get this to work? Been at this for several days already because I need my subdomain with HTTPS for a plugin to function.


Are you running the commands as root?


As sudoer, root and normal user. I mentioned the errors I get in the OP when running with the aforementioned:

(sudo: acme.sh: command not found) or if running as root (bash: acme.sh: command not found.)


This seems like a bug with ghost-cli, if anything.

acme.sh does not touch anything in /etc/ unless it is instructed to - its defaults are totally non-privileged: $HOME/.acme.sh/ . I would guess that ghost-cli is nominating another location but not dealing with privilege level properly.

It might be worth cross-posting your question to the Ghost/ghost-cli issue tracker or discussion forum.


I thought it was a bug as well and reported this to ghost and they quickly dismissed it as a bug.


Could you link to your report? We can try to look at how it’s calling acme.sh.


I grabbed the errors that could shed light on how it can access acme.sh.

Message: Command failed: /bin/sh -c sudo -S -p ‘#node-sudo-passwd#’ /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain example.com --webroot /var/www/ghost/system/nginx-root --reloadcmd “nginx -s reload” --accountemail domain@example.com

Error occurred running command: '/bin/sh -c /home/<user>/.acme.sh/acme.sh --issue --domain <domain> --webroot /var/www/<ghost install folder>/system/nginx-root --accountemail <email>'

/bin/sh -c /usr/bin/nodejs /usr/lib/node_modules/ghost-cli/node_modules/.bin/greenlock certonly --agree-tos --email <email> --webroot --webroot-path /var/www/test-ghost-2/root --config-dir /etc/letsencrypt --domains <domain> --server https://acme-v01.api.letsencrypt.org/directory'


Looks like two different locations…

closed #9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.