Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:pennoi.com
I ran this command:getssl -d pennoi.com
It produced this output:getssl: for some reason could not reach http://pennoi.com/.well-known/acme-challenge/Odnq1PoS2G2IaZZtm7uSLlo98f9NqcZA5g8B79OxvD0 - please check it manually
My web server is (include version):httpd-2.2.15-69.el6.centos.x86_64
The operating system my web server runs on is (include version):CentOS release 6.10 (Final)
My hosting provider, if applicable, is:N/A
I can login to a root shell on my machine (yes or no, or I don't know):yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot):getssl downloaded March 2021
Description of issue
I initially installed getssl as root but I would like to run it as acme user. I followed the steps on Using Let’s Encrypt with getssl and minimal root usage #letsencrypt – FU-BAR
When I run "getssl pennoi.com" as the acme user I get this error
getssl: for some reason could not reach http://pennoi.com/.well-known/acme-challenge/Odnq1PoS2G2IaZZtm7uSLlo98f9NqcZA5g8B79OxvD0 - please check it manually
I ran "getssl -d pennoi.com" and found that the wellknown_url is using the old ACL (the one I set up as root) instead of the new ACL for acme user
wellknown_url http://pennoi.com/.well-known/acme-challenge/Odnq1PoS2G2IaZZtm7uSLlo98f9NqcZA5g8B79OxvD0
My acme user ACL is
ACL=('/var/www/html/letsencrypt/.well-known/acme-challenge')
My root user ACL is
ACL=('/var/www/html/.well-known/acme-challenge')
For some reason it's still appears to be using the old (root) ACL
Any help greatly appreciated
John