Problem Description
root@srv-pfb68:/srv/something.co.uk/config/ssl# symbiosis-ssl --verbose something.co.uk
* Examining certificates for something.co.uk
SSL set 0: Not valid for something.co.uk -- certificate has expired (10)
!! Failed: Permission denied @ rb_file_s_symlink - (/srv/something.co.uk/config/ssl/sets/1, /srv/something.co.uk/config/ssl/current)
root@srv-pfb68:~# ls -al /srv/something.co.uk/config/ssl/ -d
drwxrws--x 5 sympl sympl 4096 Sep 22 10:47 /srv/something.co.uk/config/ssl/
root@srv-pfb68:~# ls -al /srv/something.co.uk/config/ssl/sets
total 16
drwxrws--x 4 sympl ssl-cert 4096 Nov 21 06:25 .
drwxrws--x 5 sympl sympl 4096 Sep 22 10:47 ..
drwxrws--x 2 sympl ssl-cert 4096 Sep 22 10:47 0
drwxrws--x 2 sympl ssl-cert 4096 Nov 21 06:25 1
What are the correct/required permissions?
Environment
- Sympl Version [9.0/10.0]: sympl-core 10.0.200923.0
- Sympl Testing Version? [Yes/No] No
- Debian Version [Buster/Stretch]: Buster
- Hardware Type? [Dedicated/Virtual/Pi] Virtual Machine via Brightbox.
My domains all have the same permissions as yours, so I don’t think there is anything wrong in that respect:
ls -ld /srv/roguetory.org.uk/config/ssl
drwxrws--x 4 sympl sympl 4096 Dec 17 07:02 /srv/roguetory.org.uk/config/ssl
$ ls -ld /srv/roguetory.org.uk/config/ssl/sets
drwxrws--x 4 sympl ssl-cert 4096 Dec 17 07:02 /srv/roguetory.org.uk/config/ssl/sets
ls -la /srv/roguetory.org.uk/config/ssl/sets
total 16
drwxrws--x 4 sympl ssl-cert 4096 Dec 17 07:02 .
drwxrws--x 4 sympl sympl 4096 Dec 17 07:02 ..
drwxrws--x 2 sympl ssl-cert 4096 Oct 18 15:11 0
drwxrws--x 2 sympl ssl-cert 4096 Dec 17 07:02 1
Sounds like something went wrong with the ‘current’ symlink - the symlink should normally be owned by sympl:sympl
, but you can reset it’s permissions with chown -h sympl:sympl /srv/example.com/config/ssl/current
, or just remove it and run sudo sympl-ssl
to recreate it.
Ah hah, finally figured out the problem …
/srv/something.co.uk was owned by debian:debian (uid/gid 1000).
chown sympl:sympl /srv/something.co.uk allowed sympl-ssl to work.