Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission error certificate TLS-acmeSupplied #49

Open
leenaars opened this issue Dec 4, 2018 · 4 comments
Open

Permission error certificate TLS-acmeSupplied #49

leenaars opened this issue Dec 4, 2018 · 4 comments

Comments

@leenaars
Copy link
Contributor

leenaars commented Dec 4, 2018

I wanted to upgrade my test instance but I'm consistently gettting a permission error on the certificate install phase for all certs:

8z9z3qyyybqqhvyk0z7fnkqymfvm287q-unit-script-nixcloud.TLS-acmeSupplied-test.com-start[12817]: /nix/store/8z9z3qyyybqqhvyk0z7fnkqymfvm287q-unit-script-nixcloud.TLS-acmeSupplied-test.com-start: line 2: cd: /var/lib/nixcloud/TLS/test.com/acmeSupplied: Permission denied
@qknight
Copy link
Member

qknight commented Dec 4, 2018

nixos-version says?

@qknight
Copy link
Member

qknight commented Dec 4, 2018

can you do a: rm -Rf /var/lib/nixcloud/TLS

@leenaars
Copy link
Contributor Author

leenaars commented Dec 4, 2018

My version is 18.09.d45a0d7-nixcloud_decec0f (Jellyfish)

@qknight
Copy link
Member

qknight commented Dec 4, 2018

can you list the service files, mine look like this (my nixcloud-webservices is on 975d7ff)

root@status ~# systemctl cat nixcloud.TLS-acmeSupplied-status.nixcloud.io.timer
# /nix/store/rjwk2qf2mw10x2q8pd8iqqckyqy7zwh0-unit-nixcloud.TLS-acmeSupplied-status.nixcloud.io.timer/nixcloud.TLS-acmeSupplied-status.nixcloud.io.timer
[Unit]
Description=Renew ACME Certificate for status.nixcloud.io

[Timer]
AccuracySec=5m
OnCalendar=daily
Persistent=yes
RandomizedDelaySec=1h
Unit=nixcloud.TLS-acmeSupplied-status.nixcloud.io.service

root@status ~# systemctl cat nixcloud.TLS-acmeSupplied-status.nixcloud.io.service
# /nix/store/gswik8lyf8i6i9l6w6gdlwx0vkds39w3-unit-nixcloud.TLS-acmeSupplied-status.nixcloud.io.service/nixcloud.TLS-acmeSupplied-status.nixcloud.io.service
[Unit]
After=network-online.target nixcloud.TLS-acmeSuppliedPreliminary-status.nixcloud.io.service nixcloud.reverse-proxy.service
Before=nixcloud.TLS-acmeSupplied-certificates.target
Description=nixcloud.TLS: create acmeSupplied certificate for status.nixcloud.io
Requires=nixcloud.TLS-acmeSuppliedPreliminary-status.nixcloud.io.service nixcloud.reverse-proxy.service

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/78yiqfgzz2b32pn391najl1k1jqch2hf-glibc-locales-2.27/lib/locale/locale-archive"
Environment="PATH=/nix/store/wm8va53fh5158ipi0ic9gir64hrvqv1z-coreutils-8.29/bin:/nix/store/g5dlpwd44kd75i71nwzii8w4bp4inxwk-findutils-4.6.0/bin:/nix/store/9f89z51na7w931aja8lqlmhqny9h16cj-gnugrep-3.1/bin:/nix/store/ny5p32137wfyzdm485xf>
Environment="TZDIR=/nix/store/qh0473bw25p2nciwmvc24dwamc920485-tzdata-2018e/share/zoneinfo"



ExecStart=/nix/store/m5nh038yvxk6788sn7jqj0zn97xmic34-unit-script-nixcloud.TLS-acmeSupplied-status.nixcloud.io-start 
ExecStartPost=/nix/store/ml7x6ib89p1w5ilq9bs4vfpr709br60r-unit-script-nixcloud.TLS-acmeSupplied-status.nixcloud.io-post-start
ExecStartPre=/nix/store/iarmw8r1zhahsd3cp18bvzdfq6lprg4h-unit-script-nixcloud.TLS-acmeSupplied-status.nixcloud.io-pre-start
PermissionsStartOnly=true
ProtectSystem=strict
ReadWritePaths=-/var/lib/nixcloud/TLS/status.nixcloud.io/acmeSupplied
RuntimeDirectory=nixcloud/lego/status.nixcloud.io/challenges
SupplementaryGroups=status-nixcloud-io
Type=oneshot
User=nixcloud-lego-user

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@qknight @leenaars