acme.sh
sudo warning
Hello,
This issue report says not to run sudo, but to use sudo su, and then issue the certs as root. However, when doing so, it throws this error:
It seems that you are using sudo, please read this link first: https://github.com/Neilpang/acme.sh/wiki/sudo
This is a FreeBSD-12.0-RELEASE-p10 machine with an OpenBSD httpd webserver, which chroots the /var/www/htdocs directory. Web content is only accessible by the www user, which has limited access to the system. Hence the cert must be issued as root.
Do we still need to pass the --force flag, even as root?
Thank you
please show me the env:
sudo su
env
Yes the warning makes no sense. I have a wrapper script that I run using sudo, which handles some stuff like putting certificate files into the right directories and su's to the unprivileged acme user to run acme.sh. However acme.sh still complains about the use of sudo. I work around it by unsetting the variables SUDO_UID, SUDO_GID and SUDO_USER in the wrapper script before calling acme.sh.
Below is my env. On FreeBSD, the root user defaults to /bin/csh, and the others default to /bin/sh. However, as root, I specifically entered /bin/sh before executing acme.sh.
VENDOR=amd
SUDO_COMMAND=/usr/bin/su
LOGNAME=root
PAGER=less
OSTYPE=FreeBSD
MACHTYPE=x86_64
MAIL=/var/mail/root
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
EDITOR=vi
HOST=myserver
REMOTEHOST=XXX.XX.XXX.XX.lightspeed.sntcca.sbcglobal.net
OLDPWD=/root
SUDO_GID=1002
PWD=/root
GROUP=wheel
TERM=st-256color
HOME=/root
USER=root
HOSTTYPE=FreeBSD
SHELL=/bin/csh
SUDO_USER=mysuer
SUDO_UID=1002
BLOCKSIZE=K
SHLVL=1
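An added example, not part of the thread and not acme.sh code: a POSIX sh sketch of the wrapper workaround described above, clearing SUDO_UID, SUDO_GID and SUDO_USER for a single command, plus a helper that classifies the environment from the SUDO_* variables visible in the env dump. The function names sudo_origin and run_without_sudo_vars are hypothetical, and this does not claim to reproduce acme.sh's own check.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of acme.sh.

# Classify the current environment using only the SUDO_* variables that
# sudo exports. They survive `sudo su`, which is why a root shell reached
# that way still looks like a sudo session (see SUDO_COMMAND=/usr/bin/su).
sudo_origin() {
    if [ -z "${SUDO_USER:-}" ] && [ -z "${SUDO_UID:-}" ] && [ -z "${SUDO_GID:-}" ]; then
        echo "none"
        return 0
    fi
    case "${SUDO_COMMAND:-}" in
        */su|*/su" "*) echo "sudo-su" ;;       # root shell obtained via su
        *)             echo "sudo-command" ;;  # command run directly under sudo
    esac
}

# Run one command with the three variables named in the workaround removed.
# The subshell keeps the change local, so the wrapper can still read
# SUDO_USER afterwards (for example to log who requested the renewal).
run_without_sudo_vars() {
    (
        unset SUDO_UID SUDO_GID SUDO_USER
        "$@"
    )
}

# Stand-alone run: report what the current shell inherited.
echo "sudo origin of this shell: $(sudo_origin)"
```

In a wrapper, the certificate command would be passed as the arguments to run_without_sudo_vars after the wrapper has switched to the unprivileged user.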
@Marco01809 @Neilpang Should be fixed by PR https://github.com/Neilpang/acme.sh/pull/2574.
FYI sudo su does the user assumption operation twice (check the auth logs or watch strace output)
It would be better to document/advise sudo -i or sudo -l
@Neilpang