Unable to read .pem generated keys, and they look like aliases


#1

Hello,

I have shared hosting with the possibility to add SSL certificates through cPanel.
So, I manually generated a certificate on my Mac with the following command:
./letsencrypt-auto certonly --manual -d mydomain.com
And I succeeded in verifying it on my shared hosting.

But the problem is that I now need to copy/paste my certificate and private key to cPanel, and the .pem files generated by letsencrypt in /etc/letsencrypt/live/mydomain.com/ look like aliases… I don’t know if this is normal or not, but it’s impossible to open them. Their average weight is about 40 bytes.


#2

Yes, they are aliases (symbolic links, specifically) to the latest versions of those files for your certificate files. You should be able to load them in a tool like TextWrangler or even TextEdit and it’ll open the file to which it is pointing.


#3

You should be able to look in /etc/letsencrypt/archive/example.com and see the full certificates. Be careful in here, and don’t move or delete anything, and note that they are suffixed with a number that puts them into groups.


#4

Thanks to both of you, I found the certificates in the archive folder.

Nonetheless, there must be a problem with the symbolic links, since they point to their exact place, in other words each alias points to itself:

When I try to open them I get the following error:
Impossible to perform the operation because the original element of "privkey.pem" is not found.

Anyway, I’ll use the archive certificates for now.


#5

I’m on Mac OS X 11 (El Capitan) too, and I think I know what’s happening: now a Mac administrator is rootless by default, for some reason.

If you do: groups

It lacks the wheel group, which is needed to at least read those files.

So… I see two options: you try to add your user to the wheel group, and then you will be able to read those files.

Or you do sudo su to enter a root session and you do:
cat /etc/letsencrypt/live/domain.com/[...].pem

My recommendation is to do it with the root session, so you keep those certs protected under your password; otherwise someone with your laptop and Finder would be able to read and copy them. (A bit paranoid, maybe.)
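
The checks discussed in this thread, gathered into one script as an added example that is not part of any post above: it reports, for each .pem entry in a live directory, whether the symlink resolves into the archive directory, points to itself (post #4), is dangling, or is unreadable by the current user (post #5). The function name `check_live_dir` is a hypothetical helper; the directory to check is passed as the first argument.

```shell
#!/bin/sh
# Added example (not from the thread): classify each *.pem entry in a
# Let's Encrypt "live" directory. check_live_dir is a hypothetical helper name.
# Output: "<status> <name> -> <link target>", where status is one of
#   ok, self-loop, dangling, unreadable, regular

check_live_dir() {
    dir=$1
    for f in "$dir"/*.pem; do
        name=${f##*/}
        if [ ! -L "$f" ]; then
            # Not a symlink: either a plain file or an unmatched glob.
            if [ -e "$f" ]; then printf 'regular %s\n' "$name"; fi
            continue
        fi
        target=$(readlink "$f")
        if [ "$target" = "$name" ] || [ "$target" = "$f" ]; then
            # The link names itself, the state described in post #4.
            status=self-loop
        elif [ ! -e "$f" ]; then
            # -e follows the link: the target is missing, or its
            # directory cannot be searched by the current user.
            status=dangling
        elif [ ! -r "$f" ]; then
            # Target exists but this user may not read it (post #5).
            status=unreadable
        else
            status=ok
        fi
        printf '%s %s -> %s' "$status" "$name" "$target"
        if [ "$status" = ok ]; then
            # Show the mode of the resolved file, e.g. to spot a
            # private key that is readable by group or others.
            printf ' (mode %s)' "$(ls -lL "$f" | cut -c1-10)"
        fi
        printf '\n'
    done
    return 0
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_live_dir "$1"
fi
```

Run it with sudo when the live directory is only readable by root, for example `sudo sh check_live.sh /etc/letsencrypt/live/mydomain.com`, where `check_live.sh` is an assumed file name for the script.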