Cerbot docker image returns Permission denied: '/etc/letsencrypt/.certbot.lock'

Project Discussion
1

I want to set up letsencrypt certificate on my Fedora atomic server. Here is the command I run:

$ sudo podman run -it --rm --name certbot -p 80:80 -p 443:443 -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/certbot certonly --standalone --email MyEmail -d "*.example.com"

I have this error:

The following error was encountered:
[Errno 13] Permission denied: '/etc/letsencrypt/.certbot.lock'

Checking the directory:

% ls -alZ /etc/letsencrypt 
total 12K
drwxr-xr-x.  2 root root unconfined_u:object_r:etc_t:s0    6 Aug 16 17:03 ./
drwxr-xr-x. 89 root root system_u:object_r:etc_t:s0     8.0K Aug 16 17:03 ../

I wonder why podman run as root can’t write in this directory? Is this a Selinux issue (set as default to enforced)?
Thank you for help

2

Hi @gabx, it’s an issue with SELinux you should be able to find a solution in the links I provided below.

https://github.com/certbot/certbot/issues/6087

https://github.com/certbot/certbot/issues/4716

3

Have a look at this: Using Volumes with Docker can Cause Problems with SELinux — Project Atomic