Server not starting with user solid because of letsencrypt ssl access


#1

Hi all,

We have installed the solid server by the INSTALLING AND RUNNING NODE SOLID SERVER documentation.

It recommends to add a user ‘solid’ for systemd to auto start the Solid server, so we created this user.
However, it wouldn’t start the server with the ‘solid’ user, but it does with ‘root’. When not running in verbose (-v) we get some output from systemd status solid:
Apr 12 01:15:58 ubuntu-2gb-nbg1-1 solid[11136]: ERROR Can’t find SSL key in /etc/letsencrypt/live/domain/privkey.pem

When checking the /etc/letsencrypt/live directory default permission I see it is only readable for root
4.0K drwx------ 3 root root 4.0K Apr 10 20:53 live

What is a secure / recommended solution to fix this issue?

Thanks for helping in advance,
Jurjen


#2

@MohamedSaidHamed This is the same issue you are having, isn’t it?


#3

Yes I’m having the same issue!


#4

Yes this looks like a step was missed in ensuring that the created solid user is able to read the certs appropriately. The quickest approach to get you going would be:

  1. Create a “certificates” group
  2. Add user “solid” to that group
  3. Change the permissions on /etc/letsencrypt/live/domain/ to be readable by the certificates group

For those using certbot, probably a better long-term approach would be to add a deploy-hook script that copies the certs into a space where the solid user is better permissioned (e.g. /etc/solid/certificates).

Will make an issue to get the documentation updated.
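
The deploy-hook approach suggested in post #4, as an added example (not part of the thread or of the Solid project's documentation). certbot runs deploy hooks after a successful renewal with RENEWED_LINEAGE set to the certificate's live directory; the hook file name, the `solid` systemd unit name and the DEST_DIR, CERT_GROUP and SERVICE variables are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook, e.g. saved as
# /etc/letsencrypt/renewal-hooks/deploy/solid-certs.sh (file name is an assumption).
# Copies the renewed key pair to a directory readable by one group only,
# so /etc/letsencrypt/live can stay root-only.

DEST_DIR="${DEST_DIR:-/etc/solid/certificates}"  # path suggested in the thread
CERT_GROUP="${CERT_GROUP:-certificates}"         # group from steps 1-2 in the thread
SERVICE="${SERVICE:-solid}"                      # systemd unit name (assumption)

deploy_certs() {
    src="$1"; dest="$2"; group="$3"
    # Check both files first so a partial copy never replaces a working pair.
    for f in fullchain.pem privkey.pem; do
        [ -s "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
    done
    umask 077                          # new files start out owner-only
    mkdir -p "$dest" || return 1
    chmod 0750 "$dest" || return 1
    if [ "$(id -u)" -eq 0 ]; then chown "root:$group" "$dest" || return 1; fi
    for f in fullchain.pem privkey.pem; do
        tmp="$dest/.$f.new"
        # live/ holds symlinks into archive/; -L copies the file they point to.
        cp -L "$src/$f" "$tmp" || return 1
        chmod 0640 "$tmp" || return 1
        # Ownership can only be changed as root (certbot hooks run as root).
        if [ "$(id -u)" -eq 0 ]; then chown "root:$group" "$tmp" || return 1; fi
        mv -f "$tmp" "$dest/$f" || return 1   # rename, so readers never see a half-written file
    done
}

# Only act when invoked by certbot, which exports RENEWED_LINEAGE.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_certs "$RENEWED_LINEAGE" "$DEST_DIR" "$CERT_GROUP" || exit 1
    systemctl restart "$SERVICE"       # make the server load the new certificate
fi
```

With this in place the server's key and certificate settings point at the copies in DEST_DIR instead of /etc/letsencrypt/live/domain/.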


#5

Thanks @justin . I’ll give it a try. The deploy-hook script isn’t documented in which parameters to change, and I got a rate limit from letsencrypt for force renewing, so I can see if the script will work next week.