DevHeads.net

Certbot error CentOS 7.5

Hi All - I am running CentOS 7.5 and trying to use certbot.
I am getting an error 403 forbidden on the
/.well-known/acme-challenge/-CG_gSckofY5ln7TdMvoanDI1_FBRh8otQkyB0hxmoo

Some searching indicated permission problems... I also noticed that the
/var/www/html directory does not even have the .well-known directory in
it. The /var/www/html directory was root:root I changed it to root:apache
and still same error.
ls -l /var/www/
total 0
drwxr-xr-x. 2 root root 6 Jun 27 09:49 cgi-bin
drwxr-xr-x. 6 root apache 214 Jun 27 09:49 html

Anyone ran into this ? Got a fix?
Thanks,

Jerry

Comments

Re: Certbot error CentOS 7.5

By Gordon Messmer at 07/13/2018 - 11:46

On 07/10/2018 05:54 AM, Jerry Geis wrote:
What is the full command you are using to request a certificate?

Re: Certbot error CentOS 7.5

By Jon Pruente at 07/10/2018 - 12:02

Have you checked and verified the SELinux ACLs for your web dir? ( ls -Z )

Re: Certbot error CentOS 7.5

By Niki Kovacs at 07/10/2018 - 11:57

Le 10/07/2018 à 14:54, Jerry Geis a écrit :
Hi,

I just created a certificate for a new domain, using Certbot. I'm using
certbot-auto and not certbot. Here's the script I used for this.

--8<-------------------------------------------------------------
#!/bin/bash
#
# mkcert.sh
#
# Créer ou renouveler un certificat SSL/TLS Let's Encrypt

# Créer le groupe certs avec le GID 240
if ! grep -q "^certs:" /etc/group ; then
groupadd -g 240 certs
echo ":: Ajout du groupe certs."
sleep 3
fi

# Installer certbot-auto s'il n'est pas présent sur le serveur
if ! -x /usr/local/sbin/certbot-auto ; then
echo ":: Installation de certbot-auto."
pushd /usr/local/sbin
wget -c <a href="https://dl.eff.org/certbot-auto" title="https://dl.eff.org/certbot-auto">https://dl.eff.org/certbot-auto</a>
chmod 0700 certbot-auto
popd
fi

# Arrêter le serveur Apache
if ps ax | grep -v grep | grep httpd > /dev/null ; then
echo ":: Arrêt du serveur Apache."
systemctl stop httpd 1 > /dev/null 2>&1
sleep 5
fi

# Générer ou renouveler un certificat SSL/TLS
/usr/local/sbin/certbot-auto certonly \
--non-interactive \
--email <a href="mailto: ... at microlinux dot fr"> ... at microlinux dot fr</a> \
--preferred-challenges http \
--standalone \
--agree-tos \
--renew-by-default \
--webroot-path /var/www/sudlabel-default \
-d sudlabel.net -d <a href="http://www.sudlabel.net" title="www.sudlabel.net">www.sudlabel.net</a> \
--webroot-path /var/www/sudlabel-webmail \
-d mail.sudlabel.net \
--webroot-path /var/www/sudlabel-xibo \
-d xibo.sudlabel.net

# Définir les permissions
echo ":: Définition des permissions."
chgrp -R certs /etc/letsencrypt
chmod -R g=rx /etc/letsencrypt

# Démarrer Apache
echo ":: Démarrage du serveur Apache."
systemctl start httpd
--8<-------------------------------------------------------------

Cheers from the sunny South of France,

Niki