Announcement

Collapse
No announcement yet.

Plesk Lets Encrypt: [Errno 2] No such file or directory

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Plesk Lets Encrypt: [Errno 2] No such file or directory

    Hi!

    Im working with CL 7.3 and Plesk Onyx 17.0.17. But the Lets Encrypt add-on is not working properly with CageFS:

    Code:
    Starting new HTTPS connection (1): 127.0.0.1

Waiting for verification...

Cleaning up challenges

Generating key (2048 bits): /usr/local/psa/var/modules/letsencrypt/etc/keys/0001_key-certbot.pem

Creating CSR: /usr/local/psa/var/modules/letsencrypt/etc/csr/0001_csr-certbot.pem

Non-standard path(s), might not work with crontab installed by your operating system package manager

An unexpected error occurred:

OSError: [Errno 2] No such file or directory
    This "problem"/misconfiguration is known and Plesk offers an answer to this: https://support.plesk.com/hc/en-us/a...e-or-directory

    So I added fs.protected_symlinks_allow_gid = id_of_group_linksafe to /etc/sysctl.conf and applied the changes by sysctl -p, but this leads to:

    Code:
    fs.protected_symlinks_create = 1

fs.protected_hardlinks_create = 1

fs.protected_symlinks_allow_gid = 986

fs.protected_hardlinks_allow_gid = 986

fs.proc_super_gid = 1000

sysctl: setting key "fs.protected_symlinks_allow_gid": Invalid argument

fs.protected_symlinks_allow_gid = id_of_group_linksafe

fs.proc_can_see_other_uid = 0
    According to this its still not possible to use Lets Encrypt. Any ideas how to get it running? And no, I wont disable the symlink protection, that was the only solution provided by google ;-)

    Thanks in advance for your help!
    Tags: None
  • #2
    Hi,

    You should add real group ID to fs.protected_symlinks_allow_gid , get it with:

    Code:
    # getent group linksafe
    > linksafe:x:984:mailman

    You will get different ID, most probably 986. Then modify /etc/sysctl.conf :

    Code:
    fs.protected_symlinks_allow_gid = 984
    And apply changes with sysctl -p .

    Now, about the error No such file or directory - first thing to check is if user from CageFS inside see that directory, check it with:

    Code:
    su -l username -s /bin/bash

ls -la /usr/local/psa/var/modules/letsencrypt/
    Most probably it should be add into CageFS. I am not really sure if that will be enough, if errors continues please create support ticket with us.

    I totally agree with you that disabling protection is a bad idea. Definitely there should be right way to make it working.

    Comment

    • #3
      Just to update this thread, we were able to identify the problem. To fix it for sure please add psaadm user to linksafe group:

      Code:
      usermod -a -G linksafe psaadm
      Bugreport has been created, this will be managed automatically with future cloudlinux-linksafe package updates.

      Comment

      • #4
        I had the same problem, but adding to linksafe did not help: fs.protected_hardlinks = 1 fs.protected_hardlinks_allow_gid = 987 fs.protected_hardlinks_create = 1 fs.protected_symlinks = 1 fs.protected_symlinks_allow_gid = 987 fs.protected_symlinks_create = 1 # getent group linksafe linksafe:x:987saadm It helped only to disable protected_symlinks & hardlinks # uname -a Linux 3.10.0-427.10.1.lve1.4.7.el7.x86_64 #1 SMP Sat Apr 2 12:09:46 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux

        Comment

        • #5
          I have tested this solution personally and I am sure it works We would like to review your setup, please create support ticket. Thanks.

          Comment

          Previous template Next
          Working...
          X