Settings directory is created with root permissions as pre-flight check is launched as root (should be lauched as the unprivileged account)
During the first run of the daemon, the following directories are created with root permissions by mistake and causing permission errors when trying to write out the certificate files:
~/.small-tech.org/site.js/tls/global/production/…
↑··································↑↑············
OK root (erroneous)
Error message:
Jun 18 16:10:29 ar.al site[18221]: 📕 ❨auto-encrypt❩ Directory is using endpoint https://acme-v02.api.letsencrypt.org/directory
Jun 18 16:10:29 ar.al site[18221]: 👤 ❨auto-encrypt❩ Creating identity (/home/aral/.small-tech.org/site.js/tls/global/production/account-identity.pem)
Jun 18 16:10:30 ar.al site[18221]: (node:18221) UnhandledPromiseRejectionWarning: Error: EACCES: permission denied, open '/home/aral/.small-tech.org/site.js/tls/global/production/account-identity.pem'
Jun 18 16:10:30 ar.al site[18221]: at Object.openSync (fs.js:458:3)
Jun 18 16:10:30 ar.al site[18221]: at Object.writeFileSync (fs.js:1283:35)
Jun 18 16:10:30 ar.al site[18221]: at new Identity (/usr/local/bin/node_modules/@small-tech/auto-encrypt/lib/Identity.js:43:10)
Jun 18 16:10:30 ar.al site[18221]: at new AccountIdentity (/usr/local/bin/node_modules/@small-tech/auto-encrypt/lib/identities/AccountIdentity.js:21:5)
Jun 18 16:10:30 ar.al site[18221]: at Certificate.createSecureContext (/usr/local/bin/node_modules/@small-tech/auto-encrypt/lib/Certificate.js:216:31)
Jun 18 16:10:30 ar.al site[18221]: at processTicksAndRejections (internal/process/task_queues.js:97:5)
Jun 18 16:10:30 ar.al site[18221]: at async Certificate.getSecureContext (/usr/local/bin/node_modules/@small-tech/auto-encrypt/lib/Certificate.js:46:7)
Jun 18 16:10:30 ar.al site[18221]: at async TLSSocket.options.SNICallback [as _SNICallback] (/usr/local/bin/node_modules/@small-tech/auto-encrypt/index.js:161:31)
Jun 18 16:10:30 ar.al site[18221]: (node:18221) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
Jun 18 16:10:30 ar.al site[18221]: (node:18221) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
Logs:
aral ~ $ journalctl | grep ❨
Hint: You are currently not seeing messages from other users and the system.
Users in groups 'adm', 'systemd-journal' can see all messages.
Pass -q to turn off this notice.
Jun 18 16:10:26 ar.al site[18221]: 😇 ❨site.js❩ Linux: about to disable privileged ports so we can bind to ports < 1024.
Jun 18 16:10:26 ar.al site[18221]: ❨site.js❩ For details, see: https://source.small-tech.org/site.js/app/-/issues/169
Jun 18 16:10:26 ar.al site[18221]: 🌍 ❨site.js❩ Using globally-trusted certificates.
Jun 18 16:10:26 ar.al site[18221]: 👉 ❨site.js❩ Aliases: also responding for www.ar.al, 2018.ar.al, aralbalkan.com, www.aralbalkan.com.
Jun 18 16:10:26 ar.al site[18221]: 🔒 ❨https❩ Creating server with globally-trusted Let’s Encrypt certificates.
Jun 18 16:10:26 ar.al site[18221]: ⚙️ ❨auto-encrypt❩ Configuration initialised.
Jun 18 16:10:26 ar.al site[18221]: 📃 ❨auto-encrypt❩ Certificate does not exist; will be provisioned on first hit of the server.
Jun 18 16:10:26 ar.al site[18221]: 🔒 ❨https❩ Created HTTPS server.
Jun 18 16:10:26 ar.al site[18221]: 🧚♀️ ❨site.js❩ Ensuring domains are reachable before starting global server.
Jun 18 16:10:26 ar.al site[18221]: ✨ ❨site.js❩ Pre-flight domain reachability check server started.
Jun 18 16:10:26 ar.al site[18221]: ✨ ❨site.js❩ Attempting to reach domain ar.al…
Jun 18 16:10:26 ar.al site[18221]: 💖 ❨site.js❩ ar.al is reachable.
Jun 18 16:10:26 ar.al site[18221]: ✨ ❨site.js❩ Attempting to reach domain www.ar.al…
Jun 18 16:10:26 ar.al site[18221]: 💖 ❨site.js❩ www.ar.al is reachable.
Jun 18 16:10:26 ar.al site[18221]: ✨ ❨site.js❩ Attempting to reach domain 2018.ar.al…
Jun 18 16:10:26 ar.al site[18221]: 💖 ❨site.js❩ 2018.ar.al is reachable.
Jun 18 16:10:26 ar.al site[18221]: ✨ ❨site.js❩ Attempting to reach domain aralbalkan.com…
Jun 18 16:10:27 ar.al site[18221]: 💖 ❨site.js❩ aralbalkan.com is reachable.
Jun 18 16:10:27 ar.al site[18221]: ✨ ❨site.js❩ Attempting to reach domain www.aralbalkan.com…
Jun 18 16:10:27 ar.al site[18221]: 💖 ❨site.js❩ www.aralbalkan.com is reachable.
Jun 18 16:10:27 ar.al site[18221]: ✨ ❨site.js❩ Pre-flight domain reachability check server stopped.
Jun 18 16:10:27 ar.al site[18221]: 🐁 ❨site.js❩ Found .https/.wss folders. Will load dynamic routes from there.
Jun 18 16:10:27 ar.al site[18221]: 🌱 ❨site.js❩ Evergreen web: serving archive #1
Jun 18 16:10:27 ar.al site[18221]: 🐁 ❨site.js❩ Adding WebSocket (WSS) route: /chat-final-version
Jun 18 16:10:27 ar.al site[18221]: 🐁 ❨site.js❩ Adding WebSocket (WSS) route: /chat
Jun 18 16:10:27 ar.al site[18221]: 🎉 ❨site.js❩ Serving /home/aral/dist/site on https://ar.al
Jun 18 16:10:27 ar.al site[18221]: 📊 ❨site.js❩ For statistics, see https://ar.al/59290c6f59be4cc8b4eed2e11d4e9692
Jun 18 16:10:27 ar.al site[18221]: ⏰ ❨site.js❩ Setting up auto-update check interval.
Jun 18 16:10:29 ar.al site[18221]: 📕 ❨auto-encrypt❩ Directory is using endpoint https://acme-v02.api.letsencrypt.org/directory
Jun 18 16:10:29 ar.al site[18221]: 👤 ❨auto-encrypt❩ Creating identity (/home/aral/.small-tech.org/site.js/tls/global/production/account-identity.pem)
Jun 18 16:10:30 ar.al site[18221]: 🛰 ❨site.js❩ Running auto update check…
Jun 18 16:10:30 ar.al site[18221]: ❌ ❨site.js❩ Error: Could not check for updates.
Jun 18 16:10:33 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:10:33 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:10:35 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:10:35 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:10:38 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:02 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:07 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:10 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:10 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:21 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:26 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:26 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:28 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:29 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:29 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:31 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:41 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:51 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:51 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:11:54 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:12:08 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
Jun 18 16:12:10 ar.al site[18221]: ⏳ ❨auto-encrypt❩ We’re busy provisioning TLS certificates and rejecting all other calls at the moment.
😃 aral ~ $