Issue
I have a Java application that references my letsencrypt cert.pem and privkey.pem file to secure a backend API. The files were generated by certbot by following this guide.
My application complains that the files do not exist, when they actually do. Which brings me to the conclusion that the Linux user that runs the application does not have access to the files.
I have tried various commands to grant myself access to the files but none have worked.
Here are the following commands I have tried:
sudo chmod 700 /etc/letsencrypt/live/domain/cert.pem
sudo chmod 777 /etc/letsencrypt/live/domain/cert.pem
sudo chown user /etc/letsencrypt/live/domain/cert.pem
sudo chmod a+rwx /etc/letsencrypt/live/domain/cert.pem
I am aware that these methods a probably not secure, as I am new to Linux and its permissions system, so any help would be greatly appreciated.
Solution
You need to change the file permissions of the parent directories as well. e.g. run
sudo chmod +x /etc/letsencrypt/live/domain
sudo chmod +x /etc/letsencrypt/live
sudo chmod +x /etc/letsencrypt/
In my case the "live" cert file is actually a symlink to another file but that already has the correct permissions. If not you will need to change the permissions on the actual file and it's parent directories as well. You can check if a file is a symlink via readlink. If it gives a result then you have a symlink and the location of the actual file.
I found this link useful https://unix.stackexchange.com/questions/13858/do-the-parent-directorys-permissions-matter-when-accessing-a-subdirectory
Answered By - Jeroen