nixcloud-webservices icon indicating copy to clipboard operation
nixcloud-webservices copied to clipboard

Published 20 hours ago verified publisher icon nixcloud

Permission error certificate TLS-acmeSupplied

Open leenaars opened this issue 6 years ago • 4 comments

I wanted to upgrade my test instance but I'm consistently gettting a permission error on the certificate install phase for all certs:

8z9z3qyyybqqhvyk0z7fnkqymfvm287q-unit-script-nixcloud.TLS-acmeSupplied-test.com-start[12817]: /nix/store/8z9z3qyyybqqhvyk0z7fnkqymfvm287q-unit-script-nixcloud.TLS-acmeSupplied-test.com-start: line 2: cd: /var/lib/nixcloud/TLS/test.com/acmeSupplied: Permission denied

leenaars avatar Dec 04 '18 14:12 leenaars

nixos-version says?

qknight avatar Dec 04 '18 20:12 qknight

can you do a: rm -Rf /var/lib/nixcloud/TLS

qknight avatar Dec 04 '18 20:12 qknight

My version is 18.09.d45a0d7-nixcloud_decec0f (Jellyfish)

leenaars avatar Dec 04 '18 21:12 leenaars

can you list the service files, mine look like this (my nixcloud-webservices is on 975d7ff)

root@status ~# systemctl cat nixcloud.TLS-acmeSupplied-status.nixcloud.io.timer
# /nix/store/rjwk2qf2mw10x2q8pd8iqqckyqy7zwh0-unit-nixcloud.TLS-acmeSupplied-status.nixcloud.io.timer/nixcloud.TLS-acmeSupplied-status.nixcloud.io.timer
[Unit]
Description=Renew ACME Certificate for status.nixcloud.io

[Timer]
AccuracySec=5m
OnCalendar=daily
Persistent=yes
RandomizedDelaySec=1h
Unit=nixcloud.TLS-acmeSupplied-status.nixcloud.io.service

root@status ~# systemctl cat nixcloud.TLS-acmeSupplied-status.nixcloud.io.service
# /nix/store/gswik8lyf8i6i9l6w6gdlwx0vkds39w3-unit-nixcloud.TLS-acmeSupplied-status.nixcloud.io.service/nixcloud.TLS-acmeSupplied-status.nixcloud.io.service
[Unit]
After=network-online.target nixcloud.TLS-acmeSuppliedPreliminary-status.nixcloud.io.service nixcloud.reverse-proxy.service
Before=nixcloud.TLS-acmeSupplied-certificates.target
Description=nixcloud.TLS: create acmeSupplied certificate for status.nixcloud.io
Requires=nixcloud.TLS-acmeSuppliedPreliminary-status.nixcloud.io.service nixcloud.reverse-proxy.service

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/78yiqfgzz2b32pn391najl1k1jqch2hf-glibc-locales-2.27/lib/locale/locale-archive"
Environment="PATH=/nix/store/wm8va53fh5158ipi0ic9gir64hrvqv1z-coreutils-8.29/bin:/nix/store/g5dlpwd44kd75i71nwzii8w4bp4inxwk-findutils-4.6.0/bin:/nix/store/9f89z51na7w931aja8lqlmhqny9h16cj-gnugrep-3.1/bin:/nix/store/ny5p32137wfyzdm485xf>
Environment="TZDIR=/nix/store/qh0473bw25p2nciwmvc24dwamc920485-tzdata-2018e/share/zoneinfo"



ExecStart=/nix/store/m5nh038yvxk6788sn7jqj0zn97xmic34-unit-script-nixcloud.TLS-acmeSupplied-status.nixcloud.io-start 
ExecStartPost=/nix/store/ml7x6ib89p1w5ilq9bs4vfpr709br60r-unit-script-nixcloud.TLS-acmeSupplied-status.nixcloud.io-post-start
ExecStartPre=/nix/store/iarmw8r1zhahsd3cp18bvzdfq6lprg4h-unit-script-nixcloud.TLS-acmeSupplied-status.nixcloud.io-pre-start
PermissionsStartOnly=true
ProtectSystem=strict
ReadWritePaths=-/var/lib/nixcloud/TLS/status.nixcloud.io/acmeSupplied
RuntimeDirectory=nixcloud/lego/status.nixcloud.io/challenges
SupplementaryGroups=status-nixcloud-io
Type=oneshot
User=nixcloud-lego-user

qknight avatar Dec 04 '18 21:12 qknight