Solved acme.sh + mysql issue

I'm running into a really strange issue tonight. I've upgraded databases/mysql56-server to the latest version and now when I restart MySQL, I receive the following error:
Code:
$ sudo /usr/local/etc/rc.d/mysql-server restart
Stopping mysql.
/root/.acme.sh/acme.sh.csh: Permission denied.
Waiting for PIDS: 61398.
Starting mysql.
/root/.acme.sh/acme.sh.csh: Permission denied.
$

I'm at a loss why it's trying to run /root/.acme.sh/acme.sh.csh when restarting. I also receive the same error when I am logged in as root. MySQL is on the same server and accessed via localhost.

Where should I start looking to fix this issue?
 
I have no explanation why MySQL server wants to run that script, but one thing is obvious: you ran (or set up to run) acme.sh as root. You should not do that; there is a user acme, which has to run acme.sh, and its home directory is /var/db/acme. The root's home should not contain acme stuff.
 
Ah, I didn't install it via the ports system. This is the error I see now when installing:
Code:
New packages to be INSTALLED:
        acme.sh: 2.7.9_1
        socat: 1.7.3.2_4

Number of packages to be installed: 2
[1/2] Installing socat-1.7.3.2_4...
[1/2] Extracting socat-1.7.3.2_4: 100%
[2/2] Installing acme.sh-2.7.9_1...
===> Creating groups.
Creating group 'acme' with gid '169'.
===> Creating users
Creating user 'acme' with uid '169'.
pw: user 'acme' disappeared during update
install: unknown user acme
pkg: PRE-INSTALL script failed
Unfortunately, the system upgraded failed.
 
you ran (or set up to run) acme.sh as root. You should not do that; there is a user acme, which has to run acme.sh, and its home directory is /var/db/acme.

Issuing a cert with the acme user generates an error:

Code:
It seems that you are using sudo, please read this link first: https://github.com/Neilpang/acme.sh/wiki/sudo

You have to use the --force flag to make it work, but then it throws another error because it needs to access /var/log to create the acme.sh.log file, which requires root access.

OpenBSD's httpd adds another element of clumsiness because it chroots the webroot /var/www/htdocs, which is typically owned by the www user on FreeBSD. The whole process feels cumbersome.

What are your thoughts on issuing the certs with root, but using the --home /var/db/acme flag, which installs everything in /var/db/acme? I tried it with the --staging flag (for testing) and it seems like a decent workaround. The permissions would have to be changed to acme:acme afterwards.

By the way, where is the documentation about the acme user? I'm not seeing anything about this in the official acme.sh documentation, and the man pages didn't compile for some reason. Thank you.
 