SELinux – Preventing /usr/sbin/httpd from Getattr Access After Switching to Self-Signed Cert

Tags: apache-2.4, lets-encrypt, openssl, selinux

I recently created my own CA and issued my first root cert, then intermediate, then finally a server cert/key/chain for apache.

When I switch from the Let's Encrypt certs added with certbot to the self-generated certs, apache fails to start with:

Dec 20 07:52:07 test setroubleshoot[4859]: SELinux is preventing
/usr/sbin/httpd from getattr access on the file
/root/ca/intermediate/certs/www.inthingslimited.com

I'm wondering if maybe it's some of the Let's Encrypt defaults causing me headaches, or is it simply that the certs don't trace back to a registered CA?

I've read that I could disable SELinux, but I think it would be better to find a solution that allowed me to leave SELinux alone.

Thanks for any pointers.

Best Answer

SELinux does not allow Apache to access anything in the /root directory, full stop. It doesn't matter if it's certificates, web site static files, or anything else.

To solve the problem, copy the certificate files into appropriate directories under /etc/pki/tls.
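The answer's advice as a script, added here as an example and not part of the original answer: it maps each file to certs/ or private/ under /etc/pki/tls, installs it with a suitable mode, relabels it so it gets the cert_t context instead of the admin_home_t label that /root carries, and shows the resulting label. The directory layout and the file-name convention for keys (*.key.pem or *.key) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes the RHEL/CentOS-style
# layout: /etc/pki/tls/certs for public certs and chains, /etc/pki/tls/private
# for keys. Source paths under /root/ca/... mirror the question.
set -eu

# Map a source file to its destination under /etc/pki/tls by file name.
# Keys (*.key.pem / *.key) go to private/, everything else to certs/.
dest_for() {
    name=$(basename "$1")
    case "$name" in
        *.key.pem|*.key) echo "/etc/pki/tls/private/$name" ;;
        *)               echo "/etc/pki/tls/certs/$name" ;;
    esac
}

# Permission bits for the destination: private keys 0600, public files 0644.
mode_for() {
    case "$1" in
        /etc/pki/tls/private/*) echo 600 ;;
        *)                      echo 644 ;;
    esac
}

# Returns 1 when httpd would be denied because the file lives under /root
# (the situation in the question), 0 otherwise.
httpd_reachable() {
    case "$1" in
        /root/*) return 1 ;;
        *)       return 0 ;;
    esac
}

# Copy with root ownership and the right mode, then relabel so the file
# picks up cert_t from the /etc/pki file-context rule. Needs root + SELinux.
install_tls_file() {
    src=$1
    dst=$(dest_for "$src")
    install -o root -g root -m "$(mode_for "$dst")" "$src" "$dst"
    restorecon -v "$dst"
    ls -Z "$dst"   # expect a label of system_u:object_r:cert_t:s0
}

# Only perform the copy when explicitly asked, e.g.:
#   RUN_INSTALL=1 sh install_certs.sh /root/ca/intermediate/certs/www.example.com.cert.pem
if [ "${RUN_INSTALL:-0}" = 1 ]; then
    for f in "$@"; do install_tls_file "$f"; done
fi
```

After installing, point SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile at the new /etc/pki/tls paths and restart httpd.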