Comments (4)
Ah, sorry this slipped past me earlier, but thanks for pointing this out.
I think conf.d
and config.sh
being owned by root is okay, but we do need to make sure .acme-challenges
is writable by the nginx worker user. I think we can perhaps fix this by shifting the initial mkdir for .acme-challenges
into the init_worker phase (instead of init), but I'll try to look at getting this fixed in the next week or two. Our test environment also doesn't currently perform tests with a separate nginx worker user, so I'd also like to try and resolve that so we can better test the permissions setup in an automated fashion.
Thanks again for the report!
from lua-resty-auto-ssl.
No problem! I dealt with this with our config management tool. Thanks for this great project!
from lua-resty-auto-ssl.
This should now fixed as part of the v0.8.2 release (and we now have some tests in our test suite that check file permissions when starting the master process as root and the worker processes as another user). Thanks for reporting this!
from lua-resty-auto-ssl.
@GUI I'm getting permission errors for config
err: /usr/local/openresty/luajit/bin/resty-auto-ssl/dehydrated: line 136: /etc/resty-auto-ssl/letsencrypt/config: Permission denied
from lua-resty-auto-ssl.
Related Issues (20)
- How to determine if self signed cert is being used HOT 8
- Is it possible to change the LE CA to a custom CA? HOT 1
- Working with a Third-Party ACME Provider and Request is Incorrect HOT 2
- How to pass username in auth option for redis.
- Does it support zerossl
- Test against newer versions of OpenResty HOT 5
- Certificates with multiple accounts HOT 1
- How to explicitly delete a domain/certificate? HOT 1
- Proxy Protocol v2 not supported
- How change allow_domains to file separate
- Security issue
- New Release? HOT 6
- Migrate letsencrypt certifcates on disk to lua-resty-open-ssl HOT 2
- Failing to use the 'has_certificate' method HOT 1
- Renewal fails with error: auto-ssl: failed to obtain lock: closed, context: ngx.timer
- Move Out Renewal Jobs to Another Server HOT 1
- Let's Encrypt response on renewal: Order's status ("valid") is not acceptable for finalization
- Update Dehydrated to 0.7.1+ to fix issuance with Let's Encrypt
- Cannot change the renewal interval
- Remove cached certificate HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lua-resty-auto-ssl.