geerlingguy/ansible-role-apache

CentOS 8 checking httpd certs permissions error

nhojpatrick opened this issue · 2 comments

nhojpatrick commented

Running on a vagrant centos/8 vm gives me this error;

TASK [geerlingguy.apache : Ensure httpd certs are installed (RHEL 8 and later).] **********************************************************************************************
fatal: [HOST]: FAILED! => {"changed": true, "cmd": ["/usr/libexec/httpd-ssl-gencerts"], "delta": "0:00:00.018861", "end": "2021-03-12 18:36:39.526050", "msg": "non-zero return code", "rc": 13, "start": "2021-03-12 18:36:39.507189", "stderr": "Could not write to /etc/pki/tls/certs/localhost.crt. Check directory permissions.", "stderr_lines": ["Could not write to /etc/pki/tls/certs/localhost.crt. Check directory permissions."], "stdout": "", "stdout_lines": []}

Trying to get a vhost websockets proxy working but appears to be issue with centos/7 and the version of apache installed so trying centos/8 which is when I discovered this error.

On CentOS 7, on a brand new vm I see;

[vagrant@webhostc7 ~]$ ls -l /etc/pki/tls/certs/
total 16
lrwxrwxrwx. 1 root root   49 Apr 30  2020 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root   55 Apr 30  2020 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-------. 1 root root 1395 Mar 12 16:34 localhost.crt
-rwxr-xr-x. 1 root root  610 Aug  9  2019 make-dummy-cert
-rw-r--r--. 1 root root 2516 Aug  9  2019 Makefile
-rwxr-xr-x. 1 root root  829 Aug  9  2019 renew-dummy-cert
[vagrant@webhostc7 ~]$

On CentOS 8, on a brand new vm I see;

[vagrant@webhostc8 ~]$ ls -l /etc/pki/tls/certs/
total 0
lrwxrwxrwx. 1 root root 49 Aug 11  2020 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx. 1 root root 55 Aug 11  2020 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
[vagrant@webhostc8 ~]$
stale commented

This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark issues as stale.

stale commented

This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.