• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue let's encrypt error

sebgonzes

Silver Pleskian
Witth an plesk onyx updated on cloudlinux 7.1, I have the error :


Error: Error de instalación del certificado SSL Let's Encrypt: Failed letsencrypt execution: Saving debug log to /usr/local/psa/var/modules/letsencrypt/logs/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for xxxxxxxxxx.com
http-01 challenge for www.xxxxxxxxxx.com
Starting new HTTPS connection (1): 127.0.0.1
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /usr/local/psa/var/modules/letsencrypt/etc/keys/0268_key-certbot.pem
Creating CSR: /usr/local/psa/var/modules/letsencrypt/etc/csr/0268_csr-certbot.pem
Non-standard path(s), might not work with crontab installed by your operating system package manager
An unexpected error occurred:
OSError: [Errno 2] No such file or directory
Please see the logfiles in /usr/local/psa/var/modules/letsencrypt/logs for more details.

Domain works correctly in http://... I don't understand the problem... Is there any issue?
 
From your point of view: What could "Non-standard path(s)" mean in the error message? Do you see details in /usr/local/psa/var/modules/letsencrypt/logs? The Let's Encrypt extension is expecting a path on the system that does not exist or is not writeable. Did you make any changes to default paths or permissions in your Plesk installation or operating system?
 
From your point of view: What could "Non-standard path(s)" mean in the error message? Do you see details in /usr/local/psa/var/modules/letsencrypt/logs? The Let's Encrypt extension is expecting a path on the system that does not exist or is not writeable. Did you make any changes to default paths or permissions in your Plesk installation or operating system?

Peter, I understand the message, I am not absolutely silly, but I don't understand why there is this problem...
I have plesk 12.5 before in the same server, and the extension always works fine... path have, of course, not changed updating to plesk onyx, I don't know if plesk onyx have change any permission that generate the bug...

There was the same error in the past with plesk 12.5 (https://support.plesk.com/hc/en-us/...particular-domain-if-the-domain-was-recreated) and the unique solution was the next micro-update, I need to know why the problem have appear again in plesk onyx now and how to solve it (and please, stop your "From your point of view: What coul" comentary in forum.. it's really not necesary, aggresive and not help to solve any real problem...)

Hope that plesk team can review the problem.
 
I am sorry if there was a misunderstanding. I did not mean to insult you in any way. I was seriously asking whether you know of any specific changes in permissions, because the issue is not present in default setups. "Your perspective" referring to additional knowledge you have on your system that was not presented in the case description.

I hope that Plesk team can solve the case for you.
 
Most probably that the root cause of the issue that user `psaadm` can't create symlinks. Make sure with

# sysctl -p

or in /etc/sysctl.conf or /usr/lib/sysctl.d/00-system.conf

that following parameters are not

fs.protected_symlinks_create = 1 <<<< Should be 0
fs.protected_hardlinks_create = 1 <<< Should be 0
 
Most probably that the root cause of the issue that user `psaadm` can't create symlinks. Make sure with

# sysctl -p

or in /etc/sysctl.conf or /usr/lib/sysctl.d/00-system.conf

that following parameters are not

fs.protected_symlinks_create = 1 <<<< Should be 0
fs.protected_hardlinks_create = 1 <<< Should be 0

Hello Igor,

None of both parameter are in our system :


[root@~]# grep protected /etc/sysctl.conf
[root@~]# grep protected /usr/lib/sysctl.d/00-system.conf


[root@ ~]# sysctl -p
fs.proc_can_see_other_uid = 0
fs.proc_super_gid = 1000
vm.swappiness = 10

I had to add them? There is some change from plesk 12.5 to plesk 17 about this permissions?

Thanks for your help (we have updated more than 50 servers and can be an great problem for all of them...)
 
Last edited:
Hello Igor

I have added this 2 lines and this have solved the problem.
This will be solved directly in next release/MU? I understand that other user can have the same problem...
 
Back
Top