• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue Node.JS and SSL - Permission denied while trying to get certificates

PiTiNiNjA

New Pleskian
Hello,

I'm trying to setup a NodeJs application on my Plesk server.

I have an error while trying to run the script through the NodeJs extension:

Error: EACCES: permission denied, open '/usr/local/psa/var/modules/letsencrypt/etc/live/[MyDomain]/privkey.pem'

I understand that the user running the NodeJs application doesn't have the proper permissions to read the certificates.

How can I get my NodeJS app to access the certificate files? Should I manually edit the permissions (this doesn't seem right to me because of security)? Or is there any other way?

Thanks.
 
Same problem here, I altered the permissions of the file using chmod +r {path to pem files}, I get a green padlock but the code fails with an error
Error: EACCES: permission denied

Further down it states https in enabled. on the error page
 
I'm not sure changing the file permission is the solution here, because I think it will eventually be overwritten by the certificate renewal.
I'm pretty sure there must be a way to give permission to the user running the NodeJS script, but I don't know how to do it properly.
 
Hi, thank you for your time Ruslan.

I have a Debian 9 server with Plesk 17.8 preview and the NodeJS extension.

I added a domain (let's say my.domain.com) with web hosting and put my NodeJS app files in the httpdocs folder.

The SSL/HTTPS code in my index.js looks like this:


//[...]
//https
var https = require('https');
//ssl options
var sslPath = '/etc/letsencrypt/live/my.domain.com/';
var options = {
key: fs.readFileSync(sslPath+'privkey.pem'),
cert: fs.readFileSync(sslPath+'fullchain.pem')
};
//init https server
var server = https.createServer(options, app);
//[...]


When I start my application, it throws an error:
Error: EACCES: permission denied, open '/usr/local/psa/var/modules/letsencrypt/etc/live/my.domain.com/privkey.pem'

The error seems legit since the certificate files are well protected and that's a good thing.
Though I don't know how I can get to read them in order to secure my app?


I've tried so far to create symbolic links in my app folder pointing to the certificate files, then chown the links with the --no-dereference option to keep the original files untouched.
Unfortunalty it didn't fix anything since the ownership is not the only issue, I also have to
chmod but it's impossible to chmod with --no-dereference and I certainly don't want to change any original file permission which would be I guess a security issue.

I hope I have explained well, sorry for the long potato post.
 
There is no need to setup SSL certification parameters inside your Node.js app. SSL certificate should be configured using Plesk web interface.
Node.js app acts behind Phusion Passenger application server bundled with nginx or Apache (depends on your Plesk setup). It means if you open your website in browser request goes to nginx, then to Passenger and only then to your Node.js app. So you makes no sense to have SSL certificate details inside Node.js app, because it should be configured on upsteam webserver.

You can find ready-to-use example of small Node.js app suitable for Plesk here: node-hello-world/app.js at master · plesk/node-hello-world · GitHub
 
There is no need to setup SSL certification parameters inside your Node.js app. SSL certificate should be configured using Plesk web interface.
Node.js app acts behind Phusion Passenger application server bundled with nginx or Apache (depends on your Plesk setup). It means if you open your website in browser request goes to nginx, then to Passenger and only then to your Node.js app. So you makes no sense to have SSL certificate details inside Node.js app, because it should be configured on upsteam webserver.

You can find ready-to-use example of small Node.js app suitable for Plesk here: node-hello-world/app.js at master · plesk/node-hello-world · GitHub

Dear SibProgrammer, huge thanks for explaining this. I will try asap and let you know.

EDIT
It is working! As pointed by SibPogrammer, no need to setup SSL within the NodeJS sript, Plesk/Nginx takes care of that for you. Good to know! Many thanks.
 
Last edited:
Back
Top