Certbot Error CentOS 7.5


Hi All – I am running CentOS 7.5 and trying to use certbot. I am getting an error 403 forbidden on the /.well-known/acme-challenge/-CG_gSckofY5ln7TdMvoanDI1_FBRh8otQkyB0hxmoo

Some searching indicated permission problems… I also noticed that the /var/www/html directory does not even have the .well-known directory in it. The /var/www/html directory was root:root. I changed it to root:apache and still the same error.

ls -l /var/www/
total 0
drwxr-xr-x. 2 root root 6 Jun 27 09:49 cgi-bin
drwxr-xr-x. 6 root apache 214 Jun 27 09:49 html

Anyone run into this? Got a fix?
Thanks,

Jerry
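
A filesystem check for the 403 described in the post above, as an added example that is not part of the original thread: it walks the path to the challenge directory and reports any directory the web server cannot traverse. It assumes GNU `stat` and a server that relies on the "other" permission bits; `check_acme_path` and `other_can_search` are names made up for this example.

```bash
#!/bin/bash
# Added example, not from the thread. Assumption: the web server reaches the
# webroot through the "other" permission bits (it is neither the owner nor
# in the owning group of the directories on the path).

# other_can_search DIR: succeeds if "other" has search (x) permission on DIR.
other_can_search() {
    mode=$(stat -c '%a' "$1") || return 2      # octal mode, e.g. 755
    case "$mode" in *[1357]) return 0 ;; *) return 1 ;; esac
}

# check_acme_path WEBROOT [TOP]
# Walks from TOP (default /) down to WEBROOT/.well-known/acme-challenge and
# prints each existing directory that "other" cannot traverse.
# Returns 0 if none was found, 1 if at least one was, 2 on a usage error.
check_acme_path() (
    webroot=${1%/}
    top=${2:-/}; top=${top%/}                  # "/" becomes "" for rebuilding
    target="$webroot/.well-known/acme-challenge"
    case "$target" in
        "$top"/*) ;;
        *) echo "error: $webroot is not an absolute path under ${top:-/}"; return 2 ;;
    esac
    rest=${target#"$top"/}
    dir=$top
    bad=0
    while :; do
        if [ ! -d "${dir:-/}" ]; then
            # A missing .well-known is not a finding: it may simply not exist yet.
            echo "note: $dir does not exist or cannot be reached"
            break
        fi
        if ! other_can_search "${dir:-/}"; then
            echo "blocked: ${dir:-/} $(stat -c '%A %U:%G' "${dir:-/}")"
            bad=1
        fi
        [ -n "$rest" ] || break
        dir="$dir/${rest%%/*}"                 # descend one component
        case "$rest" in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    return "$bad"
)

# Stand-alone use: ./check-acme-path.sh /var/www/html
if [ "$#" -gt 0 ]; then check_acme_path "$@"; fi
```

A run with no "blocked:" lines rules out directory mode bits only; it says nothing about the server's own access rules.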

3 thoughts on - Certbot Error CentOS 7.5

  • On 10/07/2018 at 14:54, Jerry Geis wrote:

    Hi,

    I just created a certificate for a new domain, using Certbot. I’m using certbot-auto and not certbot. Here’s the script I used for this.

    --8<-------------------------------------------------------------
    #!/bin/bash
    #
    # mkcert.sh
    #
    # Create or renew a Let's Encrypt SSL/TLS certificate

    # Create the certs group with GID 240
    if ! grep -q "^certs:" /etc/group ; then
      groupadd -g 240 certs
      echo ":: Ajout du groupe certs."
      sleep 3
    fi

    # Install certbot-auto if it is not present on the server
    if [ ! -x /usr/local/sbin/certbot-auto ] ; then
      echo ":: Installation de certbot-auto."
      pushd /usr/local/sbin
      wget -c https://dl.eff.org/certbot-auto
      chmod 0700 certbot-auto
      popd
    fi

    # Stop the Apache server
    if ps ax | grep -v grep | grep httpd > /dev/null ; then
      echo ":: Arrêt du serveur Apache."
      systemctl stop httpd > /dev/null 2>&1
      sleep 5
    fi

    # Generate or renew an SSL/TLS certificate
    /usr/local/sbin/certbot-auto certonly \
      --non-interactive \
      --email info@microlinux.fr \
      --preferred-challenges http \
      --standalone \
      --agree-tos \
      --renew-by-default \
      --webroot-path /var/www/sudlabel-default \
      -d sudlabel.net -d www.sudlabel.net \
      --webroot-path /var/www/sudlabel-webmail \
      -d mail.sudlabel.net \
      --webroot-path /var/www/sudlabel-xibo \
      -d xibo.sudlabel.net

    # Set the permissions
    echo ":: Définition des permissions."
    chgrp -R certs /etc/letsencrypt
    chmod -R g=rx /etc/letsencrypt

    # Start Apache
    echo ":: Démarrage du serveur Apache."
    systemctl start httpd
    --8<-------------------------------------------------------------

    Cheers from the sunny South of France,

    Niki

    --
    Microlinux - Sustainable IT solutions
    7, place de l'église - 30730 Montpezat
    Site: https://www.microlinux.fr
    Blog: https://blog.microlinux.fr
    Mail: info@microlinux.fr
    Tel.: 04 66 63 10 32