ISPConfig with Laravel Websockets and Let's Encrypt

Discussion in 'General' started by kerrsmith, Dec 16, 2018.

  1. kerrsmith

    kerrsmith Member

    I have just set up Laravel Websockets on my ISPConfig test server and have successfully got it working but I have run in to a minor problem.

    In order to use SSL I need access to my Let's Encrypt certificates but as I am running my Laravel code as a non-root user I am not able to access the relevant SSL files in /var/www/my-domain/ssl/ (these link to the live certificates in /etc/letsencrypt/live/my-domain/). All the certificate files are owned by root.

    As a work around I have copied the two certificates I need to my user's home directory and changed their permissions to give my user access.

    This works successfully but it does mean every time the certificates expire I will have to copy them again.

    Is there a better method for what I am trying to achieve?

    Thanks in advance for any suggestions.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    In settings for that website, is SUID on or off?
     
  3. kerrsmith

    kerrsmith Member

    I am not sure what you mean, I can not see any reference to this in my settings...

    Do you mean the SUID part of the permissions on the certificates?
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    No.
    The SUEXEC setting for the website.
     
  5. kerrsmith

    kerrsmith Member

    The SUEXEC setting for the domain is set to on (ticked, the default value I think).
     
  6. kerrsmith

    kerrsmith Member

    If I am not able to access these certificates as a non root user is there a way to trigger these files to be copied as soon as their certificate updates?

    If I manually set up a cron job for example I would probably not be able to time it to copy the files as soon as the certificate has been updated, this would mean the certificates I am using would be out of date for a while.
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Possible it is. Look for inspiration in @ahrasis script that copies certificates to other applications. It sets up incron to copy the certificates as soon as they change. See the le4ispc.sh script.
    https://github.com/ahrasis/LE4ISPC
     

Share This Page