Centova Technologies Forum
		Centova Cast v3 => Bugs and issues => Topic started by: radioparanormalium on May 28, 2018, 12:19:48 pm
		
			
			- 
				Hello everyone,
 
 I'm trying to generate Let's Encrypt certificates. Symlinks are created and everything works fine until I perform:
 
 /usr/local/centovacast/sbin/setssl letsencrypt my_domain_name.pl
 which produces an error:
 
 2018-05-28 15:11:59 ERROR 403: Forbidden.
 > Download error details:
 > --2018-05-28 15:11:59--  http://my_domain_name.pl/.well-known/acme-challenge/test-1527534719.21341.txt
 > Resolving my_domain_name.pl... 185.157.80.126
 > Connecting to my_domain_name.pl|185.157.80.126|:80... connected.
 > HTTP request sent, awaiting response... 403 Forbidden
 > 2018-05-28 15:11:59 ERROR 403: Forbidden.
 >
 Challenge URI is not accessible.
 
 
 The "Let's Encrypt" certificate authority requires a web server to be listening
 on my_domain_name.pl port 80.  This means that you either need to configure
 Centova Cast to listen on port 80, or (if you are using another web server on this
 server) configure that web server to serve the files required to prove to "Let's
 Encrypt" that you own this domain.
 
 Refer to the following article for instructions on configuring your server
 correctly for use with "Let's Encrypt":
 http://www.centova.com/en/faq/cast3/information/lets_encrypt
 From what I've observed, performing
 
 /usr/local/centovacast/sbin/setssl letsencrypt my_domain_name.pl
 changes permissions of
 
 /usr/local/centovacast/etc/ssl/acme-challenges
 so that the generated txt file cannot be viewed in a browser and produces a 403 error.
 
 Any way to fix this?
- 
				Hello radioparanormalium,
 
 If you're using a third-party web server to serve the challenge files, you'll need to add the user account under which your web server runs to the system group "centovacast".
 
 Either that, or simply edit setssl (line 111), and change "chmod 750" to "chmod 755".
 
 
 Regards.
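
The two fixes in the reply above map onto the Unix permission classes. This added example (not Centova Cast code and not from the thread) reports which class the web server account falls into for the acme-challenges directory and whether it may open files inside it. The account name www-data is an assumption; root and ACLs are ignored.

```sh
#!/bin/sh
# Added example, not part of Centova Cast.

# can_serve MODE OWNER GROUP USER "USER_GROUPS"
#   MODE         octal directory mode, e.g. 750 or 0750
#   OWNER GROUP  owner and group of the directory
#   USER         account the web server runs as (www-data is an assumption)
#   USER_GROUPS  space-separated groups of that account
# Prints "<class>: allowed|denied"; returns 0 when allowed.
can_serve() {
    cs_mode=$1; cs_owner=$2; cs_group=$3; cs_user=$4; cs_groups=$5
    # Keep the last three octal digits (drops setuid/setgid/sticky).
    cs_perms=${cs_mode#"${cs_mode%???}"}
    cs_rest=${cs_perms#?}
    # The kernel applies the first class that matches: owner, group, other.
    if [ "$cs_user" = "$cs_owner" ]; then
        cs_class=owner; cs_digit=${cs_perms%??}
    else
        cs_class=other; cs_digit=${cs_rest#?}
        for cs_g in $cs_groups; do
            if [ "$cs_g" = "$cs_group" ]; then
                cs_class=group; cs_digit=${cs_rest%?}
            fi
        done
    fi
    # Opening a file by name needs search (x, bit 1) on its directory.
    if [ $((cs_digit & 1)) -eq 1 ]; then
        echo "$cs_class: allowed"; return 0
    fi
    echo "$cs_class: denied"; return 1
}

# check_live DIR USER: same check against the real directory.
check_live() {
    # stat -c is GNU coreutils syntax (Linux).
    set -- "$1" "$2" $(stat -c '%a %U %G' "$1")
    can_serve "$3" "$4" "$5" "$2" "$(id -Gn "$2")"
}

# Usage: sh check.sh /usr/local/centovacast/etc/ssl/acme-challenges www-data
if [ $# -eq 2 ]; then
    check_live "$1" "$2"
fi
```

With mode 750 the account is allowed only once it is in the directory's group; with 755 every local account is allowed.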