Wrong rights for /var/lib/letsencrypt/http_challenges (0700 instead of 0755)

I got no pb to renew certificate with certbot 0.35. No more the case with certbot 0.37.
After investigation, from Apache logs, it looks that challenge stored in directory /var/lib/letsencrypt/http_challenges cannot be verified from Internet because permissions are missing:

[Tue Sep 24 10:08:43.171287 2019] [core:error] [pid 6014] (13)Permission denied: [client 34.222.229.130:47916] AH00035: access to /.well-known/acme-challenge/nVPlFyGywdSRd5AVU-YdDNNatcIX4JwD8OdWZ0e9jzw denied (filesystem path ‘/var/lib/letsencrypt/http_challenges/nVPlFyGywdSRd5AVU-YdDNNatcIX4JwD8OdWZ0e9jzw’) because search permissions are missing on a component of the path

admin.kliflex.webcom.orange.com
I ran this command:
certbot --apache --agree-tos -m "xxxxxx@orange.com" --no-eff-email --no-redirect --rsa-key-size 4096 --keep-until-expiring -d admin.kliflex.webcom.orange.com

It produced this output:

My web server is (include version): Apache
The operating system my web server runs on is (include version):CentOS 7.6

Hi @ORich

then add the correct permissions to that path:

Should be 0755.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.