5

I have an issue trying to setup an https on Google Cloud Platform using golang + let's encrypt

  • I already have a domain targeting the IP of the instance

  • Also I got a let's encrypt certificate and chain saved on /etc/letsencrypt/live/mydomain.com/

  • I already setup myapp to use the cert and configured to run as a service using myapp.service via systemctl

And after all this configurations I always get the next error message:

Feb 14 11:29:47 https https[1982]: 2019/02/14 11:29:47 listen tcp :443: bind: permission denied
Feb 14 11:29:47 https systemd[1]: https.service: Main process exited, code=exited, status=1/FAILURE
Feb 14 11:29:47 https systemd[1]: https.service: Unit entered failed state.
Feb 14 11:29:47 https systemd[1]: https.service: Failed with result 'exit-code'.
ifnotak
  • 4,147
  • 3
  • 22
  • 36
Roberto
  • 93
  • 1
  • 1
  • 9

3 Answers3

14

If you want to bind to a privileged port (ports less than 1024). You either need to be root or have the CAP_NET_BIND_SERVICE capability.

ifnotak
  • 4,147
  • 3
  • 22
  • 36
3

Ok, I just look for more info about CAP_NET_BIND_SERVICE and I found an answer of Scott Stensland inside this other post:

https://unix.stackexchange.com/questions/455221/setcap-not-found-in-debian-9/455234#455234

Now looks fixed ... thanks

But now I have a "open /etc/letsencrypt/live/mydomain.com/cert.pem: permission denied" error :\ (looking for other solutions in progress...)

Roberto
  • 93
  • 1
  • 1
  • 9
0

Do a port redirect using iptables. Checkout this answer by flappysocks on https://stackoverflow.com/a/1762807/1100242

Manish
  • 1,999
  • 2
  • 15
  • 26