Error in issuing certificates: "Failed to change owner" "Operation not permitted"

[FlyThePlanet]

Hi,

I have a "Business" shared hosting plan from Hostinger.
It offers the possibility to setup up to 100 websites, but unfortunately only 1 Let's Encrypt certificate 😧

So I try to follow the tutorial they published from 2015 to 2017, before they removed it when they started to charge their automated procedure.
https://web.archive.org/web/20190913171422/http://www.hostinger.com/tutorials/ssl/how-to-install-free-ssl-from-lets-encypt-on-shared-hosting

This procedure uses your acme-client.

The first steps are working fine:

• Connection in SSH
• acme-client cloning
• Downloading and installing composer
• Registering with Let's Encrypt (just need to add "--agree-terms" in the command to make it work)

But I have an error with the last step, Step 3, with the process of generating the SSL certificate.
This command...
php bin/acme issue --domains mydomain.com:www.mydomain.com --path /home/u000000093/domains/mydomain.com/public_html:/home/u000000093/domains/mydomain.com/public_html --server letsencrypt

...generates this error message:

Amp\Parallel\Worker\TaskFailureException:
 Uncaught Amp\File\FilesystemException in worker with message "Failed to
 change owner for 
'/home/u000000093/acme-client/data/certs/acme-v02.api.letsencrypt.org.directory/mydomain.com/key.pem':
 chown(): Operation not permitted" and code "0"; use 

Amp\Parallel\Worker\TaskFailure Exception::getOriginalTrace() for the 
stack trace in the worker in 
/home/u000000093/acme-client/vendor/amphp/parallel/lib/Worker/Internal/TaskFailure.php:63Next
 Amp\File\FilesystemException: The file operation failed in 
/home/u000000093/acme-client/vendor/amphp/file/src/Driver/ParallelDriver.php:132Next

Kelunik\AcmeClient\Stores\KeyStoreException: Could not save key: The 
file operation failed in 
/home/u000000093/acme-client/src/Stores/KeyStore.php:54

It seems related to "Failed to change owner" for the "key.pem" file. "Operation not permitted".
Of course, as I'm on a shared hosting, I can't log with the "root" account.
But I don't think it's required as this exact same procedure, written by Hostinger, was working perfectly fine without.

Also, FYI in the command processing log, before the error message we can see 2 times 3 certificates and at least a first "key.perm" file is generated. But the certificate it contains is none of the 3 we can see in the log.

At last, it seems related to this old feature request: #6

But I don't know why it's still not working 5 years after the fix.
Is it the new issue?

Thanks!

P.S.: I'm not trying to contact Hostinger at this stage as they already declined giving support to this procedure in the past, since they sell an automated one (cf. 4th last comment below the Hostinger procedure).

[osirisinferi]

This error is probably due to an incorrect change made in:

6bfa43d#diff-2250760016a00c9ac1697a3e6509ae5ddc7ab2b22623a7772c5349d5d384c7b6L45-R42

From chmod() to changeOwner() instead of changePermissions().

[FlyThePlanet]

This error is probably due to an incorrect change made in:

6bfa43d#diff-2250760016a00c9ac1697a3e6509ae5ddc7ab2b22623a7772c5349d5d384c7b6L45-R42

From chmod() to changeOwner() instead of changePermissions().

I confirm!
IMO, @osirisinferi 's fix is correct.

In acme-client/src/Stores/KeyStore.php, I replaced...
yield File\changeOwner($file, 0600);
by...
yield File\changePermissions($file, 0600);
and I could issue the certificate.

Thanks @osirisinferi !

[kelunik]

@osirisinferi The code you linked changed from chown to changeOwner, not from chmod, but I guess it's the -1 which should be null now?

[FlyThePlanet]

@kelunik , his detailed suggestion is here...
https://community.letsencrypt.org/t/error-in-issuing-certificates-with-kelunik-acme-client-on-hostinger/157446/10?u=ftp

[kelunik]

Thanks! I've released 1.0.0 Beta 2 with a fix.