Forum OpenACS Q&A: Re: nsssl Permission denied

Posted by Gustaf Neumann on

The error message is from OpenSSL and is a "permission denied".

% openssl errstr 200100D
error:0200100D:system library:fopen:Permission denied

You have in your NaviServer configuration the certificate on a place which is the default of certbot. Since NaviServer is running per default with group nsadmin and user nsadmin it has no permissions to read the certificate from there. Check the certbot documentation on [1] and search for "permissions". You might wish to provide a deploy-hook-script to copy the certificate to a place where NaviServer can read it. The NaviServer plugin [2] places the certificates under "[ns_info home]/modules/nsssl" ( uses e.g. [3]). Don't forget to update the path specified by certificate in the NaviServer config file.

all the best

[3] /usr/local/ns/modules/nsssl/