No announcement yet.

Plesk Lets Encrypt: [Errno 2] No such file or directory

  • Filter
  • Time
  • Show
Clear All
new posts

  • Plesk Lets Encrypt: [Errno 2] No such file or directory


    Im working with CL 7.3 and Plesk Onyx 17.0.17. But the Lets Encrypt add-on is not working properly with CageFS:

    Starting new HTTPS connection (1):
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits): /usr/local/psa/var/modules/letsencrypt/etc/keys/0001_key-certbot.pem
    Creating CSR: /usr/local/psa/var/modules/letsencrypt/etc/csr/0001_csr-certbot.pem
    Non-standard path(s), might not work with crontab installed by your operating system package manager
    An unexpected error occurred:
    OSError: [Errno 2] No such file or directory
    This "problem"/misconfiguration is known and Plesk offers an answer to this:

    So I added fs.protected_symlinks_allow_gid = id_of_group_linksafe to /etc/sysctl.conf and applied the changes by sysctl -p, but this leads to:

    fs.protected_symlinks_create = 1
    fs.protected_hardlinks_create = 1
    fs.protected_symlinks_allow_gid = 986
    fs.protected_hardlinks_allow_gid = 986
    fs.proc_super_gid = 1000
    sysctl: setting key "fs.protected_symlinks_allow_gid": Invalid argument
    fs.protected_symlinks_allow_gid = id_of_group_linksafe
    fs.proc_can_see_other_uid = 0
    According to this its still not possible to use Lets Encrypt. Any ideas how to get it running? And no, I wont disable the symlink protection, that was the only solution provided by google ;-)

    Thanks in advance for your help!

  • #2

    You should add real group ID to fs.protected_symlinks_allow_gid , get it with:

    # getent group linksafe
    > linksafe:x:984:mailman

    You will get different ID, most probably 986. Then modify /etc/sysctl.conf :

    fs.protected_symlinks_allow_gid = 984
    And apply changes with sysctl -p .

    Now, about the error No such file or directory - first thing to check is if user from CageFS inside see that directory, check it with:

    su -l username -s /bin/bash
    ls -la /usr/local/psa/var/modules/letsencrypt/
    Most probably it should be add into CageFS. I am not really sure if that will be enough, if errors continues please create support ticket with us.

    I totally agree with you that disabling protection is a bad idea. Definitely there should be right way to make it working.


    • #3
      Just to update this thread, we were able to identify the problem. To fix it for sure please add psaadm user to linksafe group:

      usermod -a -G linksafe psaadm
      Bugreport has been created, this will be managed automatically with future cloudlinux-linksafe package updates.


      • #4
        I had the same problem, but adding to linksafe did not help: fs.protected_hardlinks = 1 fs.protected_hardlinks_allow_gid = 987 fs.protected_hardlinks_create = 1 fs.protected_symlinks = 1 fs.protected_symlinks_allow_gid = 987 fs.protected_symlinks_create = 1 # getent group linksafe linksafe:x:987saadm It helped only to disable protected_symlinks & hardlinks # uname -a Linux 3.10.0-427.10.1.lve1.4.7.el7.x86_64 #1 SMP Sat Apr 2 12:09:46 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux


        • #5
          I have tested this solution personally and I am sure it works We would like to review your setup, please create support ticket. Thanks.