[BlueOnyx:22723] Re: invalid cert letsencrypt

Tomohiro Hosaka bokutin at gmail.com
Mon Feb 25 11:44:10 -05 2019


Hi Michael,

On Tue, Feb 26, 2019 at 1:26, Michael Stauber <mstauber at blueonyx.it> wrote:
>
> Hi Tomohiro,
>
> What version of BlueOnyx is this? 5207R/5208R or 5209R?

base-blueonyx-capstone-5208R-4.20140909BX03.el6.noarch

>
> > # ls -alt /home/.acme
> > drwxr-xr-x   3 root root 4096  2月 25 03:49 2019 .
> > -rw-r-----   1 root root   87  2月 25 03:49 2019 stpjboYdlWKv4sDxfRUnypt6XeDgI8YUlTc1-UOhqh8
> > -rw-r--r--   1 root root   87  2月  2 03:50 2019 t_dgmZrfNin7fYA1-GjLQfFDBJoh_OAEUKmozDoMFjM <----- -rw-r--r--
>
> The permissions on these files ought to be -rw-r--r-- (644). There was a
> problem on 5207R/5208R that files were created with 600 permissions,
> which wasn't good enough. An update to blueonyx-acme fixed this and
> these files should now all be created with 644 permissions.

For the purpose of debugging, we made the following changes.

# diff -u /usr/sausalito/acme/acme.sh-00 /usr/sausalito/acme/acme.sh
--- /usr/sausalito/acme/acme.sh-00      2019-02-25 00:30:04.372319351 +0900
+++ /usr/sausalito/acme/acme.sh 2019-02-26 01:35:46.743599682 +0900
@@ -4063,7 +4063,7 @@

         _debug wellknown_path "$wellknown_path"

-        _debug "writing token:$token to $wellknown_path/$token"
+        _debug "writing token:$token to $wellknown_path/$token umask:`umask`"

         mkdir -p "$wellknown_path"
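
Review bot: The changed _debug line uses backticks for the umask substitution; $(umask) is the more readable form and nests safely inside the double-quoted string. The message now reports the inherited mask, but the hunk still runs mkdir -p "$wellknown_path" under whatever mask the caller had, so if the challenge path has to be readable by others, consider setting the mask explicitly before this point, or a chmod on what gets created, rather than only logging it.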

# fgrep umask /var/log/letsencrypt/letsencrypt.log
[Mon Feb 25 08:55:57 JST 2019] writing token:WZ07_OOEDRtIrOFksk7JlExUApqFuIauj1U_LYI6PRk to /home/.acme//.well-known/acme-challenge/WZ07_OOEDRtIrOFksk7JlExUApqFuIauj1U_LYI6PRk umask:0027

The others read bit cannot be set.

I have not figured out where this umask comes from.

>
> Please make sure you are fully yum updated:
>
> yum clean all
> yum update
>
> Also please restart httpd to see if it makes any difference:
>
> service httpd restart
>

I have already done it.

Thank you for your reply.

Tomohiro Hosaka

>
> --
> With best regards
>
> Michael Stauber
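
The effect of the `umask:0027` seen in the log above on a newly written challenge file, as an added example that is not part of the original message or of acme.sh. The paths, token names and file contents are constructed, and the audit function assumes the web server reads the token files through the "others" permission bits.

```shell
#!/bin/sh
# Added example: how the inherited umask decides the mode of a freshly
# written ACME http-01 token file. All paths and names are constructed.

# Print the octal mode of a path (GNU stat, with a BSD fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Write a token file under the given umask, in a subshell so the
# caller's own umask is untouched, then print the resulting file mode.
token_mode_under_umask() {
    mask=$1; dir=$2; name=$3
    (
        umask "$mask"
        mkdir -p "$dir"
        printf '%s' "constructed-key-authorization" > "$dir/$name"
    )
    mode_of "$dir/$name"
}

# List token files in a challenge directory that lack the others-read bit.
# Assumption: the web server is neither the owner nor in the owning group.
unreadable_tokens() {
    find "$1" -type f ! -perm -004 -exec basename {} \; | sort
}

demo() {
    work=$(mktemp -d) || return 1
    wk="$work/.well-known/acme-challenge"
    echo "umask 0027 -> $(token_mode_under_umask 0027 "$wk" token-a)"
    echo "umask 0022 -> $(token_mode_under_umask 0022 "$wk" token-b)"
    echo "not world-readable: $(unreadable_tokens "$wk")"
    rm -rf "$work"
}

demo
```

Running `unreadable_tokens` against the real challenge directory shows which existing tokens were written under the restrictive mask.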



