Acme.sh: Permission denied problem in standalone mode
Steps to reproduce
I'm trying to issue a certificate in standalone mode but get a permission denied error. But the further instructions tells that using sudo is not recommended:
It seems that you are using sudo, please read this link first:
https://github.com/Neilpang/acme.sh/wiki/sudo
What should I do?
Debug log
acme.sh -d example.com --issue --standalone --keylength ec-256 --debug
[Sat Dec 7 16:58:49 UTC 2019] Lets find script dir.
[Sat Dec 7 16:58:49 UTC 2019] _SCRIPT_='/home/ubuntu/.acme.sh/acme.sh'
[Sat Dec 7 16:58:49 UTC 2019] _script='/home/ubuntu/.acme.sh/acme.sh'
[Sat Dec 7 16:58:49 UTC 2019] _script_home='/home/ubuntu/.acme.sh'
[Sat Dec 7 16:58:50 UTC 2019] Using config home:/home/ubuntu/.acme.sh
https://github.com/Neilpang/acme.sh
v2.8.4
[Sat Dec 7 16:58:50 UTC 2019] Running cmd: issue
[Sat Dec 7 16:58:50 UTC 2019] _main_domain='example.com'
[Sat Dec 7 16:58:50 UTC 2019] _alt_domains='no'
[Sat Dec 7 16:58:50 UTC 2019] Using config home:/home/ubuntu/.acme.sh
[Sat Dec 7 16:58:50 UTC 2019] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sat Dec 7 16:58:50 UTC 2019] DOMAIN_PATH='/home/ubuntu/.acme.sh/example.com_ecc'
[Sat Dec 7 16:58:50 UTC 2019] Using ACME_DIRECTORY: https://acme-v02.api.letsencrypt.org/directory
[Sat Dec 7 16:58:50 UTC 2019] _init api for server: https://acme-v02.api.letsencrypt.org/directory
[Sat Dec 7 16:58:50 UTC 2019] GET
[Sat Dec 7 16:58:50 UTC 2019] url='https://acme-v02.api.letsencrypt.org/directory'
[Sat Dec 7 16:58:50 UTC 2019] timeout=
[Sat Dec 7 16:58:50 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sat Dec 7 16:58:50 UTC 2019] ret='0'
[Sat Dec 7 16:58:50 UTC 2019] ACME_KEY_CHANGE='https://acme-v02.api.letsencrypt.org/acme/key-change'
[Sat Dec 7 16:58:50 UTC 2019] ACME_NEW_AUTHZ
[Sat Dec 7 16:58:50 UTC 2019] ACME_NEW_ORDER='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Dec 7 16:58:50 UTC 2019] ACME_NEW_ACCOUNT='https://acme-v02.api.letsencrypt.org/acme/new-acct'
[Sat Dec 7 16:58:50 UTC 2019] ACME_REVOKE_CERT='https://acme-v02.api.letsencrypt.org/acme/revoke-cert'
[Sat Dec 7 16:58:50 UTC 2019] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Sat Dec 7 16:58:50 UTC 2019] ACME_NEW_NONCE='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Dec 7 16:58:50 UTC 2019] ACME_VERSION='2'
[Sat Dec 7 16:58:50 UTC 2019] Le_NextRenewTime
[Sat Dec 7 16:58:50 UTC 2019] _on_before_issue
[Sat Dec 7 16:58:50 UTC 2019] _chk_main_domain='example.com'
[Sat Dec 7 16:58:50 UTC 2019] _chk_alt_domains
[Sat Dec 7 16:58:50 UTC 2019] Le_LocalAddress
[Sat Dec 7 16:58:50 UTC 2019] d='example.com'
[Sat Dec 7 16:58:50 UTC 2019] Check for domain='example.com'
[Sat Dec 7 16:58:50 UTC 2019] _currentRoot='no'
[Sat Dec 7 16:58:50 UTC 2019] Standalone mode.
[Sat Dec 7 16:58:50 UTC 2019] _checkport='80'
[Sat Dec 7 16:58:50 UTC 2019] _checkaddr
[Sat Dec 7 16:58:50 UTC 2019] Using: ss
[Sat Dec 7 16:58:50 UTC 2019] d
[Sat Dec 7 16:58:50 UTC 2019] _saved_account_key_hash is not changed, skip register account.
[Sat Dec 7 16:58:50 UTC 2019] Read key length:ec-256
[Sat Dec 7 16:58:50 UTC 2019] _createcsr
[Sat Dec 7 16:58:50 UTC 2019] Single domain='example.com'
[Sat Dec 7 16:58:50 UTC 2019] Getting domain auth token for each domain
[Sat Dec 7 16:58:51 UTC 2019] d
[Sat Dec 7 16:58:51 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Dec 7 16:58:51 UTC 2019] payload='{"identifiers": [{"type":"dns","value":"example.com"}]}'
[Sat Dec 7 16:58:51 UTC 2019] RSA key
[Sat Dec 7 16:58:51 UTC 2019] HEAD
[Sat Dec 7 16:58:51 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-nonce'
[Sat Dec 7 16:58:51 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g -I '
[Sat Dec 7 16:58:51 UTC 2019] _ret='0'
[Sat Dec 7 16:58:51 UTC 2019] POST
[Sat Dec 7 16:58:51 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/new-order'
[Sat Dec 7 16:58:51 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sat Dec 7 16:58:52 UTC 2019] _ret='0'
[Sat Dec 7 16:58:52 UTC 2019] code='201'
[Sat Dec 7 16:58:52 UTC 2019] Le_LinkOrder='https://acme-v02.api.letsencrypt.org/acme/order/73321592/1696172534'
[Sat Dec 7 16:58:52 UTC 2019] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/73321592/1696172534'
[Sat Dec 7 16:58:52 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1602122408'
[Sat Dec 7 16:58:52 UTC 2019] payload
[Sat Dec 7 16:58:52 UTC 2019] POST
[Sat Dec 7 16:58:52 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/authz-v3/1602122408'
[Sat Dec 7 16:58:52 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sat Dec 7 16:58:53 UTC 2019] _ret='0'
[Sat Dec 7 16:58:53 UTC 2019] code='200'
[Sat Dec 7 16:58:53 UTC 2019] d='example.com'
[Sat Dec 7 16:58:53 UTC 2019] Getting webroot for domain='example.com'
[Sat Dec 7 16:58:53 UTC 2019] _w='no'
[Sat Dec 7 16:58:53 UTC 2019] _currentRoot='no'
[Sat Dec 7 16:58:53 UTC 2019] entry='"type":"http-01","status":"pending","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA","token":"QM5V1A3LcxZXr12_5gY3Uh1zh1p-7UARBMLhkK_OxKg"'
[Sat Dec 7 16:58:53 UTC 2019] token='QM5V1A3LcxZXr12_5gY3Uh1zh1p-7UARBMLhkK_OxKg'
[Sat Dec 7 16:58:53 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA'
[Sat Dec 7 16:58:53 UTC 2019] keyauthorization='QM5V1A3LcxZXr12_5gY3Uh1zh1p-7UARBMLhkK_OxKg.teYNPwUjG-FEQ9eKWpC3wqGbblMICUWOZbCEKtEE9rU'
[Sat Dec 7 16:58:53 UTC 2019] dvlist='example.com#QM5V1A3LcxZXr12_5gY3Uh1zh1p-7UARBMLhkK_OxKg.teYNPwUjG-FEQ9eKWpC3wqGbblMICUWOZbCEKtEE9rU#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA#http-01#no'
[Sat Dec 7 16:58:53 UTC 2019] d
[Sat Dec 7 16:58:53 UTC 2019] vlist='example.com#QM5V1A3LcxZXr12_5gY3Uh1zh1p-7UARBMLhkK_OxKg.teYNPwUjG-FEQ9eKWpC3wqGbblMICUWOZbCEKtEE9rU#https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA#http-01#no,'
[Sat Dec 7 16:58:53 UTC 2019] d='example.com'
[Sat Dec 7 16:58:53 UTC 2019] ok, let's start to verify
[Sat Dec 7 16:58:53 UTC 2019] Verifying: example.com
[Sat Dec 7 16:58:53 UTC 2019] d='example.com'
[Sat Dec 7 16:58:53 UTC 2019] keyauthorization='QM5V1A3LcxZXr12_5gY3Uh1zh1p-7UARBMLhkK_OxKg.teYNPwUjG-FEQ9eKWpC3wqGbblMICUWOZbCEKtEE9rU'
[Sat Dec 7 16:58:53 UTC 2019] uri='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA'
[Sat Dec 7 16:58:53 UTC 2019] _currentRoot='no'
[Sat Dec 7 16:58:53 UTC 2019] Standalone mode server
[Sat Dec 7 16:58:53 UTC 2019] content='QM5V1A3LcxZXr12_5gY3Uh1zh1p-7UARBMLhkK_OxKg.teYNPwUjG-FEQ9eKWpC3wqGbblMICUWOZbCEKtEE9rU'
[Sat Dec 7 16:58:53 UTC 2019] ncaddr
[Sat Dec 7 16:58:53 UTC 2019] startserver: 5922
[Sat Dec 7 16:58:53 UTC 2019] Le_HTTPPort='80'
[Sat Dec 7 16:58:53 UTC 2019] Le_Listen_V4
[Sat Dec 7 16:58:53 UTC 2019] Le_Listen_V6
[Sat Dec 7 16:58:53 UTC 2019] _content_len='87'
[Sat Dec 7 16:58:53 UTC 2019] _NC='socat TCP-LISTEN:80,crlf,reuseaddr,fork'
2019/12/07 16:58:53 socat[6714] E bind(5, {AF=2 0.0.0.0:80}, 16): Permission denied
[Sat Dec 7 16:58:54 UTC 2019] serverproc='6714'
[Sat Dec 7 16:58:54 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA'
[Sat Dec 7 16:58:54 UTC 2019] payload='{}'
[Sat Dec 7 16:58:54 UTC 2019] POST
[Sat Dec 7 16:58:54 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA'
[Sat Dec 7 16:58:54 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sat Dec 7 16:58:55 UTC 2019] _ret='0'
[Sat Dec 7 16:58:55 UTC 2019] code='200'
[Sat Dec 7 16:58:55 UTC 2019] trigger validation code: 200
[Sat Dec 7 16:58:55 UTC 2019] sleep 2 secs to verify
[Sat Dec 7 16:58:57 UTC 2019] checking
[Sat Dec 7 16:58:57 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA'
[Sat Dec 7 16:58:57 UTC 2019] payload
[Sat Dec 7 16:58:57 UTC 2019] POST
[Sat Dec 7 16:58:57 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA'
[Sat Dec 7 16:58:57 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sat Dec 7 16:58:58 UTC 2019] _ret='0'
[Sat Dec 7 16:58:58 UTC 2019] code='200'
[Sat Dec 7 16:58:58 UTC 2019] example.com:Verify error:Fetching http://example.com/.well-known/acme-challenge/QM5V1A3LcxZXr12_5gY3Uh1zh1p-7UARBMLhkK_OxKg: Connection refused
[Sat Dec 7 16:58:58 UTC 2019] Debug: get token url.
[Sat Dec 7 16:58:58 UTC 2019] GET
[Sat Dec 7 16:58:58 UTC 2019] url='http://example.com/.well-known/acme-challenge/QM5V1A3LcxZXr12_5gY3Uh1zh1p-7UARBMLhkK_OxKg'
[Sat Dec 7 16:58:58 UTC 2019] timeout=1
[Sat Dec 7 16:58:58 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g --connect-timeout 1'
[Sat Dec 7 16:58:58 UTC 2019] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Sat Dec 7 16:58:58 UTC 2019] ret='7'
[Sat Dec 7 16:58:58 UTC 2019] Skip for removelevel:
[Sat Dec 7 16:58:58 UTC 2019] pid='6714'
/home/ubuntu/.acme.sh/acme.sh: line 2262: kill: (6714) - No such process
[Sat Dec 7 16:58:58 UTC 2019] No need to restore nginx, skip.
[Sat Dec 7 16:58:58 UTC 2019] _clearupdns
[Sat Dec 7 16:58:58 UTC 2019] dns_entries
[Sat Dec 7 16:58:58 UTC 2019] skip dns.
[Sat Dec 7 16:58:58 UTC 2019] _on_issue_err
[Sat Dec 7 16:58:58 UTC 2019] Please add '--debug' or '--log' to check more details.
[Sat Dec 7 16:58:58 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Sat Dec 7 16:58:58 UTC 2019] url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA'
[Sat Dec 7 16:58:58 UTC 2019] payload='{}'
[Sat Dec 7 16:58:58 UTC 2019] POST
[Sat Dec 7 16:58:58 UTC 2019] _post_url='https://acme-v02.api.letsencrypt.org/acme/chall-v3/1602122408/Ig1CTA'
[Sat Dec 7 16:58:58 UTC 2019] _CURL='curl -L --silent --dump-header /home/ubuntu/.acme.sh/http.header -g '
[Sat Dec 7 16:58:59 UTC 2019] _ret='0'
[Sat Dec 7 16:58:59 UTC 2019] code='400'
[Sat Dec 7 16:58:59 UTC 2019] Diagnosis versions:
openssl:openssl
OpenSSL 1.1.1 11 Sep 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
abstract-client:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-connect:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-listen:<filename> groups=FD,SOCKET,LISTEN,CHILD,RETRY,UNIX
abstract-recv:<filename> groups=FD,SOCKET,RETRY,UNIX
abstract-recvfrom:<filename> groups=FD,SOCKET,CHILD,RETRY,UNIX
abstract-sendto:<filename> groups=FD,SOCKET,RETRY,UNIX
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
interface:<interface> groups=FD,SOCKET
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
tun[:<ip-addr>/<bits>] groups=FD,CHR,NAMED,OPEN,INTERFACE
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
chimit
All 5 comments
switch to root user with sudo su frist.
Then install acme.sh for root user.
Then use it.
Neilpang
on 19 Dec 2019
👍2
👎1
I think it's not a good idea to install something in your /root directory. Especially if the script itself recommends you no to do that.
chimit
on 15 Jun 2020
👍1
I found the root cause. socat should be given permission open 80 port. run:
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/socat
and try again.
teapethu
on 12 Nov 2020
👍2
❤1
@teapethu Excellent answer. Thank you.
limitedAtonement
on 28 Nov 2020
@teapethu you are a legend! many thanks <3
westofer
on 29 Dec 2020
Was this page helpful?
0 / 5 - 0 ratings
Related issues
extensionsapp
路
4Comments
axiades
路
3Comments
FernandoMiguel
路
5Comments
caruccio
路
5Comments
noplanman
路
4Comments
Most helpful comment
I found the root cause. socat should be given permission open 80 port. run:
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/socat
and try again.