My certificates are in /etc/letsencrypt/live/example.com/, and when I trying to start coturn I receiving: “0: : WARNING: cannot find certificate file…” I’m interested, what is the best way to solve this problem?

  • someoneFromInternetOPEnglish
    1·
    1 month ago

    What if I created new directory and copy one of certificate there(manually, using nano), then I gave all permissions to folder and this certificate, but coturn still can’t access this cert?

    • hendrik@palaver.p3x.deEnglish
      2·
      1 month ago

      (Same things would apply as I lined out earlier. You’d also need to pay attention to the parent directory of that directory (and maybe parents of those). And check if coturn is actually running as that user and/or group.

      You might just (for testing) grant all permissions on the files. Put them into a directory that you’re 100% sure coturn can access. Like one of Coturn’s own directories. And then chmod 666 both files and give them the same user and group as coturn’s own config file has. If that doesn’t work, it’s not the permissions.)

      And read the actual error message again. Make sure it says “permission denied”. Make sure the filename in the error message is the exact filename and location of your certificate file. To rule out other errors or a typo.

      And now that I’m reading your initial post again, it says it can’t find them. So maybe it’s really not the permissions, but the coturn config doesn’t point to the correct location of the certificate files. Usually permissions is a good first guess. But if the error message says sth else, it could very well be what the error message says. Does it go on and tell you where it looked for the certificates?

      • someoneFromInternetOPEnglish
        2·
        1 month ago

        ok, I just needed to change owner to turnserver for certs and directories. That’s all

        • hendrik@palaver.p3x.de
          2·
          1 month ago

          Glad you could figure it out. Keep an eye on the certificate updates. As far as I know letsencypt certs are valid for 90 days or so. In case you have a periodic job that renews them, that one might now fail to update the files when it runs the next time in 2 months or so. But that depends on the permissions and user of that renew job. However that’s set up. But for the next few months, everything should be fine now.