403 error updating let's encrypt certificate

bksales · January 7, 2017, 4:40pm

i noticed the following error on our pbx today

There was an error updating the certificate: 403 Forbidden Forbidden You don’t have permission to access /.freepbx-known/4039c81a67d2d7f0ff9f7f577c352c65 on this server. Apache/2.2.15 (CentOS) Server at xxxx.yyyy.net Port 80

the file is owned by asterisk, but unlike the other files in the directory it did not have the write permission for the group asterisk. changing the file permissions and restarting apache did not solve the problem. it gives me the same error message with a different file name. it seems the file is being created without the proper permisssions.

lgaetz · January 7, 2017, 4:55pm

Does this fix it:

fwconsole chown

bksales · January 7, 2017, 7:25pm

nope - tried that as well. the only thing i have not tried is rebooting the pbx

bksales · January 7, 2017, 7:40pm

rebooting did not change anything either. suggestions?

lgaetz · January 7, 2017, 7:42pm

Based on your sanitized post, you should be able to browse to the url, assuming it is not blocked by a firewall or apache credentials:

http://xxxx.yyyy.net:80/.freepbx-known/4039c81a67d2d7f0ff9f7f577c352c65

bksales · January 10, 2017, 12:59am

interesting in that if i use the url you reference it does not work but if i go to https:/xxxx.yyy.net it does work and does not complain about the certificate.

tm1000 · January 10, 2017, 5:39am

Needs to work without https. What’s the error you get

bksales · January 10, 2017, 5:00pm

Forbidden
You don’t have permission to access /.freepbx-known/400183a8e646f8d9bd02da07ad9074b6 on this server.

Apache/2.2.15 (CentOS) Server at bkssfree.bkss.net Port 80

tm1000 · January 10, 2017, 5:33pm

Solution:

bksales · February 8, 2017, 1:57pm

sorry for the long delay in responding. your suggested fix (the updated sysadmin) did fix the problem. thanks again for the help