webroot fails if group of `.well-known/` is not the process's group
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-certbot (Ubuntu) |
New
|
Medium
|
Unassigned |
Bug Description
/var/www/
$ sudo -u letsencrypt /usr/bin/
Processing /etc/letsencryp
2017-04-22 22:48:11,
The error was: PluginError(
All renewal attempts failed. The following certs could not be renewed:
/etc/
1 renew failure(s), 0 parse failure(s)
From looking at `strace`:
stat("/
mkdir("
stat("/
chown("
Diving in to the code, webroot.py[1] is checking for EACCESS and then letting you on your way, when it really should be checking for EPERM.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: letsencrypt 0.4.1-1
ProcVersionSign
Uname: Linux 4.4.0-59-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Sat Apr 22 22:57:59 2017
InstallationDate: Installed on 2014-04-18 (1100 days ago)
InstallationMedia:
JournalErrors:
Error: command ['journalctl', '-b', '--priority=
Users in the 'systemd-journal' group can see all messages. Pass -q to
turn off this notice.
No journal files were opened due to insufficient permissions.
PackageArchitec
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: python-letsencrypt
UpgradeStatus: Upgraded to xenial on 2016-06-13 (313 days ago)
affects: | python-letsencrypt (Ubuntu) → python-certbot (Ubuntu) |