Bugzilla – Bug 7080
tlwebaccess/tlwebadm refuses to work with cert key in private dir
Last modified: 2017-11-21 13:02:29
tlwebaccess and tlwebadm have a security check that the private key isn't world
readable. When this triggers we get:
> 2017-11-20 10:41:22 ERROR tlwebaccess: [::ffff:220.127.116.11] File is read and writeable by others than file owner.
> 2017-11-20 10:41:22 ERROR tlwebaccess: [::ffff:18.104.22.168] Failed to reliable read the certificate key from file, exiting.
Unfortunately it only checks the file itself, rather than the entire path
leading to the file. This breaks certbot/letsencrypt as they secure the files
via the directory:
> drwx------. 3 root root 34 Nov 20 10:38 /etc/letsencrypt/archive/
and not the files:
> -rw-r--r--. 1 root root 1704 Nov 20 10:38 /etc/letsencrypt/archive/certdemo.thinlinc.com/privkey1.pem
This means we cannot use these files directly without some modification.
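
A path-aware form of the check described in this report, as an added example that is not ThinLinc's code: a key file with group/other read or write bits is still treated as private when a directory above it denies search permission to everyone but its owner. The function names and the `top` parameter are hypothetical, and only classic mode bits are examined (ACLs and SELinux labels are ignored).

```python
import os
import stat

NON_OWNER_RW = 0o066      # group/other read or write bits on the key file
NON_OWNER_SEARCH = 0o011  # group/other search (x) bits on a directory


def blocking_ancestor(path, top="/"):
    """Return the nearest directory between path and top (inclusive) that
    denies search permission to non-owners, or None if there is none."""
    top = os.path.realpath(top)
    current = os.path.dirname(os.path.realpath(path))
    while True:
        if not os.stat(current).st_mode & NON_OWNER_SEARCH:
            return current
        parent = os.path.dirname(current)
        if current == top or parent == current:
            return None
        current = parent


def key_exposed(path, top="/"):
    """True if non-owners can both reach and read or write the key file."""
    real = os.path.realpath(path)  # resolve symlinks before checking modes
    mode = os.stat(real).st_mode
    if not stat.S_ISREG(mode):
        raise ValueError("%s is not a regular file" % real)
    if not mode & NON_OWNER_RW:
        return False               # the file itself is already private
    # The file is readable/writable by others: it is only protected if
    # some directory on the way to it cannot be traversed by them.
    return blocking_ancestor(real, top) is None
```

The check is conservative: it reports exposure unless a directory on the path has neither group nor other search permission, which matches the `drwx------` layout shown above.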