Permission denied error for letsencrypt certificate

This error comes from dovecot: because of a permissions problem it cannot read the certificate. I tried changing the permissions; currently everything I have is on 644. I know the path is only a link to the /etc/letsencrypt/archives file path, so I really don't know what is going on, and I don't know how the permissions on a link affect the target.

mail dovecot: imap(example_user)<28542><mxY1sjPSlsxHvuNn>:
 Panic: Settings check unexpectedly failed: ssl_client_ca_dir:
 access(/etc/letsencrypt/live/mail.servicemouse.com) failed: Permission denied

Answer 1

You need to set sensible permissions on the directory holding the links (/etc/letsencrypt/live) and on the real files (/etc/letsencrypt/archives). It has to be fixed every time the certificate is renewed, because the new files get "secure" permissions. The following script is one I used a while ago:

#!/bin/bash

# usage: certbot renew --post-hook /usr/local/bin/certbot-renew-fix-file-access.sh

# Every directory on the path needs the traverse (x) bit for the service's group;
# live/ only contains symlinks, so the real files under archive/ get the read bit.
chmod 0755 /etc/letsencrypt/
chmod 0711 /etc/letsencrypt/live/
chmod 0750 /etc/letsencrypt/live/example.com/
chmod 0711 /etc/letsencrypt/archive/
chmod 0750 /etc/letsencrypt/archive/example.com/
chmod 0640 /etc/letsencrypt/archive/example.com/{cert,chain,fullchain}*.pem
chmod 0640 /etc/letsencrypt/archive/example.com/privkey*.pem

# Hand the per-domain directories and files to the group the services run as.
chown root:root /etc/letsencrypt/
chown root:root /etc/letsencrypt/live/
chown root:mail /etc/letsencrypt/live/example.com/
chown root:root /etc/letsencrypt/archive/
chown root:mail /etc/letsencrypt/archive/example.com/
chown root:mail /etc/letsencrypt/archive/example.com/{cert,chain,fullchain}*.pem
chown root:mail /etc/letsencrypt/archive/example.com/privkey*.pem

# Restart the services so they load the renewed certificate.
/etc/init.d/postfix restart
/etc/init.d/cyrus restart
/etc/init.d/apache2 restart

You need to adjust the hostname, the group name the service runs as (if it is not mail), and the services that must pick up the new certificate after renewal.
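The same post-hook idea, written as a parameterised script with a self-check, as an added example that is not the answerer's script or anything shipped by certbot. It addresses the question's confusion about link permissions directly: chmod and chown on a symlink operate on the link target, and the kernel never consults a symlink's own mode bits, so what matters is the traverse (x) bit on every directory from /etc/letsencrypt down to live/<domain> plus the mode of the real files under archive/<domain>. The default root, domain and group are assumptions, overridable through LE_ROOT, LE_DOMAIN and LE_GROUP; mode_of relies on GNU/busybox stat.

```shell
#!/bin/sh
# Added example: permission fix for Let's Encrypt files plus an access check.
# Assumed defaults; override with environment variables.
LE_ROOT="${LE_ROOT:-/etc/letsencrypt}"
LE_DOMAIN="${LE_DOMAIN:-example.com}"
LE_GROUP="${LE_GROUP:-mail}"

# fix_le_perms ROOT DOMAIN GROUP
# Makes the directory chain traversable and the certificate files readable by
# GROUP. Modes are applied to the archive/ targets, not to the symlinks in
# live/, because chmod/chown follow symlinks and link modes are never checked.
fix_le_perms() {
    root="$1"; domain="$2"; group="$3"
    [ -d "$root/archive/$domain" ] || { echo "no archive dir for $domain" >&2; return 1; }
    chmod 0755 "$root"
    chmod 0711 "$root/live" "$root/archive"
    chgrp "$group" "$root/live/$domain" "$root/archive/$domain"
    chmod 0750 "$root/live/$domain" "$root/archive/$domain"
    for f in "$root/archive/$domain"/*.pem; do
        [ -e "$f" ] || continue          # no match: skip the literal glob
        chgrp "$group" "$f"
        chmod 0640 "$f"
    done
}

# check_le_access ROOT DOMAIN
# Returns 0 when every directory on the path is traversable and the files the
# service opens through live/ are readable by the caller; names the first
# failing path otherwise (the dovecot "access() failed" case above).
check_le_access() {
    root="$1"; domain="$2"
    for d in "$root" "$root/live" "$root/live/$domain"; do
        [ -x "$d" ] || { echo "not traversable: $d"; return 1; }
    done
    for f in fullchain.pem privkey.pem; do
        [ -r "$root/live/$domain/$f" ] || { echo "not readable: $root/live/$domain/$f"; return 1; }
    done
    return 0
}

# Octal mode of a path, following symlinks (GNU/busybox stat).
mode_of() { stat -L -c '%a' "$1"; }

main() {
    fix_le_perms "$LE_ROOT" "$LE_DOMAIN" "$LE_GROUP" && check_le_access "$LE_ROOT" "$LE_DOMAIN"
}

# Only act when a real letsencrypt tree exists, so the functions can also be sourced.
if [ -d "$LE_ROOT/archive" ]; then
    main "$@"
fi
```

Run it as the post-hook (certbot renew --post-hook /path/to/this.sh) or source it and call check_le_access as the service user (su -s /bin/sh mail -c '...') to reproduce exactly the access() test dovecot performs. Because the example mirrors the answer, privkey*.pem ends up group-readable; keep that group limited to the daemons that actually terminate TLS, since any member of it can read the private key.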
