Let's encrypt SSL couldn't start by “Error: EACCES: permission denied, open '/etc/letsencrypt/live/domain.net/privkey.pem'”

Question

I tried to use SSL by Node.js but it doesn\'t work because permission denied.

try {
var TLSoptions = {
    key: fs.readFileSync(\"/etc/letsencry         


        

Answer 1

I'm not familiar with Node.js, but it's clearly the same permissions problem as with PostgreSQL. So the same solution should work fine. This allows you to leave the permissions on /etc/letsencrypt as they are :

• copy the certificates to your Node.js directory
• chown the copied files to your "node" user

You can have a script doing that in /etc/letsencrypt/renewal-hooks/deploy which will be called everytime you renew your certificates.

Example /etc/letsencrypt/renewal-hooks/deploy/10-certbot-copy-certs :

#!/bin/bash

domain=domain.work # using your example name
node_dir=/path/to/cert_copies
node_user=nodeuser

cp /etc/letsencrypt/live/$domain/{fullchain,privkey}.pem "$node_dir"/
chown $node_user "$node_dir"/*.pem