[BlueOnyx:22712] Re: invalid cert letsencrypt

Tomohiro Hosaka bokutin at gmail.com
Sun Feb 24 19:33:07 -05 2019


Hi.

I have also been getting a similar error since yesterday.

After investigating, I found that acme.sh is running with umask 0027.


# fgrep acme /var/log/httpd/error_log | tail
[Mon Feb 25 08:56:00 2019] [error] [client 36.3.106.34] mod_mime_magic: can't read `/home/.acme/WZ07_OOEDRtIrOFksk7JlExUApqFuIauj1U_LYI6PRk'
[Mon Feb 25 08:56:00 2019] [error] [client 36.3.106.34] (13)Permission denied: file permissions deny server access: /home/.acme/WZ07_OOEDRtIrOFksk7JlExUApqFuIauj1U_LYI6PRk
[Mon Feb 25 09:06:41 2019] [error] [client 66.133.109.36] mod_mime_magic: can't read `/home/.acme/gnoptWZFVzp9bXEeeLm1peyYr4_-rLNO4nXaiLaHwRM'
[Mon Feb 25 09:06:41 2019] [error] [client 66.133.109.36] (13)Permission denied: file permissions deny server access: /home/.acme/gnoptWZFVzp9bXEeeLm1peyYr4_-rLNO4nXaiLaHwRM
[Mon Feb 25 09:06:44 2019] [error] [client 36.3.106.34] mod_mime_magic: can't read `/home/.acme/gnoptWZFVzp9bXEeeLm1peyYr4_-rLNO4nXaiLaHwRM'
[Mon Feb 25 09:06:44 2019] [error] [client 36.3.106.34] (13)Permission denied: file permissions deny server access: /home/.acme/gnoptWZFVzp9bXEeeLm1peyYr4_-rLNO4nXaiLaHwRM
[Mon Feb 25 09:13:57 2019] [error] [client 66.133.109.36] mod_mime_magic: can't read `/home/.acme/iPdu0NMac_Gf45uRV7h_2YIRmrmjh1GxbPWnohaO838'
[Mon Feb 25 09:13:57 2019] [error] [client 66.133.109.36] (13)Permission denied: file permissions deny server access: /home/.acme/iPdu0NMac_Gf45uRV7h_2YIRmrmjh1GxbPWnohaO838
[Mon Feb 25 09:13:59 2019] [error] [client 36.3.106.34] mod_mime_magic: can't read `/home/.acme/iPdu0NMac_Gf45uRV7h_2YIRmrmjh1GxbPWnohaO838'
[Mon Feb 25 09:13:59 2019] [error] [client 36.3.106.34] (13)Permission denied: file permissions deny server access: /home/.acme/iPdu0NMac_Gf45uRV7h_2YIRmrmjh1GxbPWnohaO838


# ls -alt /home/.acme
drwxr-xr-x   3 root root 4096  2月 25 03:49 2019 .
-rw-r-----   1 root root   87  2月 25 03:49 2019 stpjboYdlWKv4sDxfRUnypt6XeDgI8YUlTc1-UOhqh8
-rw-r-----   1 root root   87  2月 24 03:18 2019 jMUJ_Yc2NMm8cM_HNzXcgriCy8b2WK2IgJEDTUM9h0s
-rw-r-----   1 root root   87  2月 23 03:36 2019 sykYYLtK4lshvptUDveRMJRgzF2fOWdIzKP8VMPs3pY
-rw-r-----   1 root root   87  2月 22 03:32 2019 sEzuPRmmA6o2vVffGUMdXpQwjeBD3OO91l3JLvNMEV8
-rw-r-----   1 root root   87  2月 21 03:24 2019 LhfUzEkuQq5F3TNTkSnYgukeUkWzoE41DHmhrBMfcmc
-rw-r-----   1 root root   87  2月 20 03:46 2019 YsuRaWKPrYlO9ZHKwLTb76q2-YmsuiJnqpjDb03h4D4
-rw-r-----   1 root root   87  2月 19 03:15 2019 QWOvIc-1R8Ifhiel7VXb-BUXcWcupHJ5GBXPEgqpckE
-rw-r-----   1 root root   87  2月 18 03:30 2019 acaUgNlTTmzzCcTlRQXbcVdQ7dsrn_5b5EGofM5gQng
-rw-r-----   1 root root   87  2月 17 03:35 2019 otFMLENF3OMqGnhRffLxWlzVVp_MteDOFNEkPS62S0U
-rw-r-----   1 root root   87  2月 16 03:27 2019 RzbR8Jo9H2mR0oNc9l2bbfSFaF5MhLUCw1QQwz2x9jE
-rw-r-----   1 root root   87  2月 15 03:18 2019 3pAsCHt2ALiWeC3B-Wq2yrb4Q7TweUh-yIKPW-EVWKA
-rw-r-----   1 root root   87  2月 14 03:46 2019 VooZ4e4MtAMIZH6duwGZlJ2YW_45PpwMS3LTARaHg_E
-rw-r-----   1 root root   87  2月 13 03:12 2019 _b0OH2p5ZRLDciV4AE9P3Jd6cvWKqHwtiu2XpuVY2Ow
-rw-r-----   1 root root   87  2月 12 03:50 2019 t8DB7wURREeWFOQQwPRXC_w7r0B0hVncWNv9vYO5iaY
-rw-r-----   1 root root   87  2月 11 03:53 2019 1jgh2OK6MJghNhghRKHLDMLiEppBDPT17_jmwTNbC8w
-rw-r-----   1 root root   87  2月 10 03:35 2019 3A3HRPZvMiMiVZUu6nNzGye87PBRnRE5JlvRd6-AxKw
-rw-r-----   1 root root   87  2月  9 03:08 2019 F5zPAq5pleoBGQg8NRvNjRcmec0aleVYeZkW0TPpHk4
-rw-r-----   1 root root   87  2月  9 03:08 2019 xns5JBt7st3yTTPOYdIdX4pHxbdVXZkWzdpt_PTtIvg
-rw-r-----   1 root root   87  2月  8 03:24 2019 2IODzHZ-_jmOahcXwxiqDiqoAv5hy0_r35rmOasvXjY
-rw-r-----   1 root root   87  2月  8 03:24 2019 uV3VhxYu2Rl9QfFTHM_p9ZJlnCQ0hnJieo407Pmjjn8
-rw-r-----   1 root root   87  2月  7 03:07 2019 HemSwlaxxwEDSasMpwt4pLgkdKBbajZm89BMpLfh-p4
-rw-r-----   1 root root   87  2月  7 03:07 2019 f8cmQZx9lnNmroVzJG6KQigyzp6Iccrmn1HjtDpmjf4
-rw-r-----   1 root root   87  2月  6 03:43 2019 QtH26DeuACLRiY6c3l390foz2s382iwL7T7m12scY4Q
-rw-r-----   1 root root   87  2月  6 03:42 2019 ldy98EisvgMMyozOWkSAZL7ACLS6EG-3_nGxr_FEk58
-rw-r-----   1 root root   87  2月  5 03:41 2019 Zxh4Xur02AbIjxUx8LaJra3LoWxQC8VzU1x-6KdzsSk
-rw-r-----   1 root root   87  2月  5 03:41 2019 2uChDzKRLXk-GkY4otS7uW96ZJOsxp7HQfcj_2AlrGc
-rw-r-----   1 root root   87  2月  4 04:21 2019 689v9kv_8c5VmX1ErNiMYK8RLOM8EqQliNC5wsXpyD0
-rw-r-----   1 root root   87  2月  4 04:21 2019 Vdg4uROIWFSDYnV0j0TMOBfR5XUQomQhMLb1YgdopD4
-rw-r-----   1 root root   87  2月  3 03:20 2019 NV1N1hwBopeFzQDdB4cBLpcQ_FcOT8XUzUlBsRrFeD8
-rw-r-----   1 root root   87  2月  3 03:20 2019 nq2BwY27PrvruagKL_hlJFNSx97re8HkeArfU1bZk-U
-rw-r--r--   1 root root   87  2月  2 03:50 2019 t_dgmZrfNin7fYA1-GjLQfFDBJoh_OAEUKmozDoMFjM <----- -rw-r--r--
-rw-r--r--   1 root root   87  2月  2 03:50 2019 eTf6ALWlmBeTl2Jfc9VxBLoitPlz2Mpjw-qCX8Q3ov0
-rw-r--r--   1 root root   87  2月  2 03:50 2019 SBp4xeuhNapgatN9FOeVrUY6E-tycbH7bCpduGo59tk
-rw-r--r--   1 root root   87  2月  2 03:50 2019 o_7aUo_Yh1mKnZVT--udhnCG1tvWj63bMTubqQSRckc
-rw-r--r--   1 root root   87  2月  2 03:50 2019 WxOHuKH1L7aObr3D-p3He27ubReB9P1gs32VPyzBD8Y
-rw-r--r--   1 root root   87  2月  2 03:50 2019 IXiq_Y-tT7dYV8VOIvTNLs8zmtD8KybSDeanWwUQHZo
-rw-r--r--   1 root root   87  2月  2 03:49 2019 t730jKPgKUuWx8NPD2K7TQnqZHje6sKBGjH3l96Om3I
-rw-r--r--   1 root root   87  2月  2 03:49 2019 zaAP7rQ_930ATzW98vfSn_d6l9k-RsMAW9ViTtTiYQI
-rw-r--r--   1 root root   87  2月  2 03:49 2019 lmH_EGMw-WasMscXje81EMzD23SQe34aoCZnP5HrtIA
-rw-r--r--   1 root root   87  2月  2 03:49 2019 Jyp0ITip2y5lfAgRiIhIVkSXg2cMj7QjnbVKy0APzT4
       ^
       ^
       ^


# tail -70 /var/log/yum.log
Jan 17 06:00:52 Updated: kernel-headers-2.6.32-754.10.1.el6.x86_64
Jan 17 06:00:52 Updated: 1:cups-libs-1.4.2-80.el6_10.x86_64
Jan 23 06:00:35 Updated: rsyslog-8.1901.0-1.el6.x86_64
Jan 23 06:00:35 Updated: rsyslog-mmrm1stspace-8.1901.0-1.el6.x86_64
Jan 23 06:00:36 Updated: rsyslog-mmjsonparse-8.1901.0-1.el6.x86_64
Jan 23 06:00:36 Updated: rsyslog-relp-8.1901.0-1.el6.x86_64
Jan 25 06:00:35 Updated: base-ssl-locale-en_US-1.3.2-0BX03.el6.noarch
Jan 25 06:00:36 Updated: base-ssl-locale-it_IT-1.3.2-0BX03.el6.noarch
Jan 25 06:00:36 Updated: base-ssl-ui-1.3.2-0BX03.el6.noarch
Jan 25 06:00:37 Updated: base-ssl-locale-nl_NL-1.3.2-0BX03.el6.noarch
Jan 25 06:00:38 Installed: blueonyx-le-acme-2.8.0-3.noarch
Jan 25 06:00:38 Updated: base-ssl-glue-1.3.2-0BX03.el6.noarch
Jan 25 06:00:39 Updated: base-ssl-locale-de_DE-1.3.2-0BX03.el6.noarch
Jan 25 06:00:39 Updated: base-ssl-locale-pt_PT-1.3.2-0BX03.el6.noarch
Jan 25 06:00:39 Updated: base-ssl-locale-da_DK-1.3.2-0BX03.el6.noarch
Jan 25 06:00:40 Updated: base-ssl-locale-es_ES-1.3.2-0BX03.el6.noarch
Jan 25 06:00:40 Updated: base-ssl-locale-fr_FR-1.3.2-0BX03.el6.noarch
Jan 25 06:00:40 Updated: base-ssl-locale-ja_JP-1.3.2-0BX03.el6.noarch
Jan 25 06:00:41 Updated: base-ssl-capstone-1.3.2-0BX03.el6.noarch
Jan 25 06:00:45 Erased: blueonyx-letsencrypt
Jan 29 06:00:43 Updated: base-ssl-glue-1.3.2-0BX05.el6.noarch
Jan 29 06:00:43 Updated: blueonyx-le-acme-2.8.0-4.noarch
Jan 29 06:00:44 Updated: base-ssl-locale-nl_NL-1.3.2-0BX05.el6.noarch
Jan 29 06:00:44 Updated: base-ssl-ui-1.3.2-0BX05.el6.noarch
Jan 29 06:00:45 Updated: base-ssl-locale-it_IT-1.3.2-0BX05.el6.noarch
Jan 29 06:00:45 Updated: base-ssl-locale-fr_FR-1.3.2-0BX05.el6.noarch
Jan 29 06:00:45 Updated: base-ssl-locale-ja_JP-1.3.2-0BX05.el6.noarch
Jan 29 06:00:46 Updated: base-ssl-locale-en_US-1.3.2-0BX05.el6.noarch
Jan 29 06:00:46 Updated: base-ssl-locale-es_ES-1.3.2-0BX05.el6.noarch
Jan 29 06:00:46 Updated: base-ssl-locale-da_DK-1.3.2-0BX05.el6.noarch
Jan 29 06:00:47 Updated: base-ssl-locale-pt_PT-1.3.2-0BX05.el6.noarch
Jan 29 06:00:47 Updated: base-ssl-locale-de_DE-1.3.2-0BX05.el6.noarch
Jan 29 06:00:47 Updated: base-ssl-capstone-1.3.2-0BX05.el6.noarch
Feb 04 06:00:31 Updated: base-ssl-glue-1.3.2-0BX08.el6.noarch
Feb 04 06:00:31 Updated: base-ssl-locale-nl_NL-1.3.2-0BX08.el6.noarch
Feb 04 06:00:32 Updated: base-ssl-ui-1.3.2-0BX08.el6.noarch
Feb 04 06:00:32 Updated: base-ssl-locale-it_IT-1.3.2-0BX08.el6.noarch
Feb 04 06:00:33 Updated: base-ssl-locale-ja_JP-1.3.2-0BX08.el6.noarch
Feb 04 06:00:33 Updated: base-ssl-locale-fr_FR-1.3.2-0BX08.el6.noarch
Feb 04 06:00:33 Updated: base-ssl-locale-en_US-1.3.2-0BX08.el6.noarch
Feb 04 06:00:34 Updated: base-ssl-locale-es_ES-1.3.2-0BX08.el6.noarch
Feb 04 06:00:34 Updated: base-ssl-locale-da_DK-1.3.2-0BX08.el6.noarch
Feb 04 06:00:35 Updated: base-ssl-locale-pt_PT-1.3.2-0BX08.el6.noarch
Feb 04 06:00:35 Updated: base-ssl-locale-de_DE-1.3.2-0BX08.el6.noarch
Feb 04 06:00:35 Updated: base-ssl-capstone-1.3.2-0BX08.el6.noarch
Feb 07 06:00:30 Updated: base-ssl-glue-1.3.2-0BX10.el6.noarch
Feb 07 06:00:30 Updated: base-ssl-locale-fr_FR-1.3.2-0BX10.el6.noarch
Feb 07 06:00:31 Updated: base-ssl-locale-pt_PT-1.3.2-0BX10.el6.noarch
Feb 07 06:00:31 Updated: base-ssl-locale-ja_JP-1.3.2-0BX10.el6.noarch
Feb 07 06:00:31 Updated: base-ssl-locale-de_DE-1.3.2-0BX10.el6.noarch
Feb 07 06:00:32 Updated: base-ssl-locale-it_IT-1.3.2-0BX10.el6.noarch
Feb 07 06:00:32 Updated: base-ssl-locale-es_ES-1.3.2-0BX10.el6.noarch
Feb 07 06:00:33 Updated: base-ssl-locale-en_US-1.3.2-0BX10.el6.noarch
Feb 07 06:00:33 Updated: base-ssl-ui-1.3.2-0BX10.el6.noarch
Feb 07 06:00:34 Updated: base-ssl-locale-da_DK-1.3.2-0BX10.el6.noarch
Feb 07 06:00:34 Updated: base-ssl-locale-nl_NL-1.3.2-0BX10.el6.noarch
Feb 07 06:00:34 Updated: base-ssl-capstone-1.3.2-0BX10.el6.noarch
Feb 14 06:00:32 Updated: base-swupdate-locale-it_IT-1.6.1-0BX22.el6.noarch
Feb 14 06:00:33 Updated: base-swupdate-glue-1.6.1-0BX22.el6.noarch
Feb 14 06:00:34 Updated: base-swupdate-locale-en_US-1.6.1-0BX22.el6.noarch
Feb 14 06:00:34 Updated: base-swupdate-locale-da_DK-1.6.1-0BX22.el6.noarch
Feb 14 06:00:35 Updated: base-swupdate-locale-nl_NL-1.6.1-0BX22.el6.noarch
Feb 14 06:00:35 Updated: base-swupdate-ui-1.6.1-0BX22.el6.noarch
Feb 14 06:00:36 Updated: base-swupdate-locale-es_ES-1.6.1-0BX22.el6.noarch
Feb 14 06:00:36 Updated: base-swupdate-locale-de_DE-1.6.1-0BX22.el6.noarch
Feb 14 06:00:36 Updated: base-swupdate-locale-pt_PT-1.6.1-0BX22.el6.noarch
Feb 14 06:00:37 Updated: base-swupdate-locale-ja_JP-1.6.1-0BX22.el6.noarch
Feb 14 06:00:37 Updated: base-swupdate-locale-fr_FR-1.6.1-0BX22.el6.noarch
Feb 14 06:00:38 Updated: base-swupdate-capstone-1.6.1-0BX22.el6.noarch
Feb 18 06:00:28 Updated: solarspeed-ioncube-10.3.2-1.x86_64


# diff -u /usr/sausalito/acme/acme_wrapper.sh-00
/usr/sausalito/acme/acme_wrapper.sh
--- /usr/sausalito/acme/acme_wrapper.sh-00      2019-01-24
06:34:43.000000000 +0900
+++ /usr/sausalito/acme/acme_wrapper.sh 2019-02-25 09:16:33.905178185 +0900
@@ -6,4 +6,5 @@
 export LE_CONFIG_HOME="/usr/sausalito/acme/data"
 #alias acme.sh="/usr/sausalito/acme/acme.sh --config-home
'/usr/sausalito/acme/data'"

+umask 022
 /usr/sausalito/acme/acme.sh --config-home '/usr/sausalito/acme/data' "$@
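
Review bot: The umask 022 line sits directly above the acme.sh call, so it applies to every file that run creates, not only the challenge tokens in /home/.acme that Apache could not read. After the next renew, check that key and account files under /usr/sausalito/acme/data and /usr/sausalito/acme/certs have not become world-readable, and add a one-line comment above the umask stating that it is there so the web server can read the challenge tokens.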


# /usr/sausalito/sbin/letsencrypt_autorenew.pl -a
It worked fine :)


Thank you.

Tomohiro Hosaka


On Fri, Feb 22, 2019 at 5:38, neal pressman <blueonyx at naitram.net> wrote:

>
> For some reason this vhost is not working with Let's Encrypt:
>
> I think it's related to the acme rewrite. The other vhost on the same
> system does not have this problem.
>
> [Thu Feb 21 14:54:38 2019] [error] [client 64.78.149.164] mod_mime_magic: can't read `/home/.acme/6YT48dMOsucrKzLbxmmJ44VeKqzOxM7UiiQoXCPUqeI', referer: http://www.XXXXXXXXX.com/.well-known/acme-challenge/6YT48dMOsucrKzLbxmmJ44VeKqzOxM7UiiQoXCPUqeI
> [Thu Feb 21 14:54:38 2019] [error] [client 64.78.149.164] (13)Permission denied: file permissions deny server access: /home/.acme/6YT48dMOsucrKzLbxmmJ44VeKqzOxM7UiiQoXCPUqeI, referer: http://www.XXXXXXXXX.com/.well-known/acme-challenge/6YT48dMOsucrKzLbxmmJ44VeKqzOxM7UiiQoXCPUqeI
>
>
> I don't understand why I would have a permission issue from one vhost and not
> another.
>
> --
> Open WebMail Project (http://openwebmail.org)
>
>
> ---------- Original Message -----------
> From: "neal pressman" <blueonyx at naitram.net>
> To: BlueOnyx General Mailing List <blueonyx at mail.blueonyx.it>
> Sent: Thu, 21 Feb 2019 09:14:57 -0400
> Subject: [BlueOnyx:22708] invalid cert letsencrypt
>
> > I have one domain that is not able to renew its cert. Is there a way
> > to completely remove the cert and start over?
> >
> > [Thu Feb 21 08:09:22 EST 2019] di='/usr/sausalito/acme/certs/www.XXXXXXX.com/'
> > [Thu Feb 21 08:09:22 EST 2019] d='www.XXXXXXX.com'
> > [Thu Feb 21 08:09:22 EST 2019] Using config home:/usr/sausalito/acme/data
> > [Thu Feb 21 08:09:22 EST 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
> > [Thu Feb 21 08:09:22 EST 2019] DOMAIN_PATH='/usr/sausalito/acme/certs/www.XXXXXXX.com'
> > [Thu Feb 21 08:09:22 EST 2019] Renew: 'www.XXXXXXX.com'
> > [Thu Feb 21 08:09:22 EST 2019] Le_API='https://acme-v01.api.letsencrypt.org/directory'
> > [Thu Feb 21 08:09:22 EST 2019] Using config home:/usr/sausalito/acme/data
> > [Thu Feb 21 08:09:22 EST 2019] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
> > [Thu Feb 21 08:09:22 EST 2019] Skip invalid cert for: www.XXXXXXX.com
> > [Thu Feb 21 08:09:22 EST 2019] Return code: 0
> > [Thu Feb 21 08:09:22 EST 2019] ===End cron===
> >
> > _______________________________________________
> > Blueonyx mailing list
> > Blueonyx at mail.blueonyx.it
> > http://mail.blueonyx.it/mailman/listinfo/blueonyx
> ------- End of Original Message -------
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
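
The permission change diagnosed in this thread, reproduced in a scratch directory as an added example (it is not part of the original post, BlueOnyx or acme.sh). The function names, file names and temporary directory are assumptions made for the demonstration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: how the inherited umask decides whether a web server can
# read freshly written challenge tokens. Everything happens in a temporary
# directory with constructed file contents; /home/.acme is not touched.

# Create file $3 in directory $2 under umask $1 and print its octal mode.
# The subshell keeps the umask change from leaking into the caller.
# Use a new file name each time: an existing file keeps its old mode.
token_mode_under_umask() {
    ( umask "$1" && printf 'constructed-token.thumbprint\n' > "$2/$3" ) || return 1
    stat -c '%a' "$2/$3"
}

# List regular files directly in directory $1 by their "other" read bit:
#   missing -> a server running as another user gets "(13)Permission denied"
#   set     -> any local account can read the file (audit key directories)
files_by_other_read() {
    case $2 in
        missing) find "$1" -maxdepth 1 -type f ! -perm -004 | sort ;;
        set)     find "$1" -maxdepth 1 -type f -perm -004 | sort ;;
        *)       echo "usage: files_by_other_read DIR missing|set" >&2
                 return 2 ;;
    esac
}

# Demonstration on constructed data.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

echo "umask 0027 -> mode $(token_mode_under_umask 0027 "$demo_dir" token_a)"
echo "umask 022  -> mode $(token_mode_under_umask 022 "$demo_dir" token_b)"

echo "Not readable by the web server:"
files_by_other_read "$demo_dir" missing

echo "Readable by every local user:"
files_by_other_read "$demo_dir" set
```

Pointing `files_by_other_read DIR set` at a directory that holds private keys shows whether a relaxed umask has exposed them.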



