Influxdb: Permission denied while opening .pem file readable by others

Created on 12 Sep 2016  路  5Comments  路  Source: influxdata/influxdb

Bug report

System info: influxd 1.0.0 on Ubuntu 16.04.1.

Steps to reproduce:

  1. Create a certificate with LetsEncrypt: [stop web server if any &&] apt install letsencrypt && letsencrypt certonly -d mydomain.com
  2. See what the symlink created by LetsEncrypt points to:

ls -al /etc/letsencrypt/archive/mydomain.com/cert.pem

  1. Check the file attributes (it should be readable by all), e.g.

ls -al /etc/letsencrypt/archive/mydomain.com/cert1.pem` will show `-rw-r--r--`

  1. Edit influxdb.conf to point to the certificate in the [http] section:
  2. systemctl restart influxdb # wait ~10 seconds
  3. journalctl -u influxdb

I see the service failing, and somewhere up buried in the logs is this error:

run: open server: open service: open /etc/letsencrypt/archive/mydomain.com/cert1.pem: permission denied

If I execute influxd as root (not a good idea), it launches successfully, and SSL works.

I've even created a special group to give access to the .pem files, but I keep getting the same error.

addgroup sslapps
adduser influxdb sslapps
chown -vR :sslapps /etc/letsencrypt/archive/yourdomain/
chmod -vR g+r /etc/letsencrypt/archive/yourdomain/
picture dandv

Most helpful comment

Solution: make sure that all directories leading up to the .pem file(s) are executable by the group. For example, using namei:

namei -l /etc/letsencrypt/live/yourdomain/cert.pem
picture dandv on 12 Sep 2016
🎉4

All 5 comments

Solution: make sure that all directories leading up to the .pem file(s) are executable by the group. For example, using namei:

namei -l /etc/letsencrypt/live/yourdomain/cert.pem
dandv picture dandv on 12 Sep 2016
🎉4

You Sir, are a scholar and a gentleman. Hvala & Danke!

Alexander-Kreisler picture Alexander-Kreisler on 8 Apr 2018
😄3

I tried everything, I encounter the same issue and nothing helped so far.

holdsworth picture holdsworth on 28 Jun 2018

These aren't working for me either

wrossmorrow picture wrossmorrow on 24 Sep 2018

Please give me a solution

[ErrorException]
  file_get_contents(C:\wamp64\bin\php\php7.1.9\extras\ssl): failed to open stream: Permission denied
ankitInfyOm picture ankitInfyOm on 26 Dec 2018
👎1 👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

deepujain picture deepujain  路  3Comments
MayukhSobo picture MayukhSobo  路  3Comments
Raniz85 picture Raniz85  路  3Comments
binary0111 picture binary0111  路  3Comments
davidgubler picture davidgubler  路  3Comments