HTTPS setup issues

I’m trying to setup HTTPS on a server. For that I added this to my nixos configuration:

  security.acme = {
    acceptTerms = true;
    certs = {
      "" = {
        email = "";
        webroot = "/root/site";

The directory /root/site is being served on port 80. When I run the nixos-rebuild test command, it fails with an output saying:

warning: the following units failed:
error presenting token: could not create required directories in webroot for HTTP challenge: mkdir /root/site: permission denied

How do I fix it? Also, does the acme agent run the challenge upon every renewal? Can I change the site configuration once the certificate has been issued?

You should set to a group capable of writing to /root/site. You can also manually create the /root/site/.well-known/acme-challenge directory and make it owned by the acme user:

sudo install -dm775 -o acme -g acme /root/site/.well-known/acme-challenge
1 Like

Additionally, you might consider if /root is the most appropriate directory for that…


This directory already exists and is owned by the acme user:

[root@server:~/site]# ls -ld .well-known/acme-challenge/
drwxr-xr-x 2 acme acme 4096 May  4 00:50 .well-known/acme-challenge/


nixos-rebuild test fails with the same error.

What about sudo -u acme ls -ld /root/site/.well-known/acme-challenge/ (to check how the acme user views it)?

1 Like

Never mind. I generated a certificate manually using certbot.