chown, permissions, 'Processing, The CA is processing your order, please just wait'

[lpvm]

I want acme.sh to run under the acme user. The command used to issue the certificates: su - acme -c "/usr/local/sbin/acme.sh --force --issue -d myhostname.com -d www.myhostname.com -w /usr/local/www/nginx/myhostname.com --home /var/db/acme --ecc"

Verifying: myhostname.com
Processing, The CA is processing your order, please just wait. (1/30)
...
Processing, The CA is processing your order, please just wait. (30/30)

The log shows that: Changing owner/group of .well-known to www:www

acme.sh should not attempt to change the owner and group in this case because:

• www is the user and group of nginx
• acme user is part of www group
• www user is part of acme group
• /usr/local/www/nginx/myhostname.com directory (web root) has permissions 0700 and is owned by www:www
• the same for /usr/local/www/nginx/myhostname.com/.well-known
• the same for /usr/local/www/nginx/myhostname.com/.well-known/acme-challenge
• acme.sh (under acme user) is able to write to /usr/local/www/nginx/myhostname.com/.well-known/acme-challenge/
• the file written there has user and group of acme:www and permissions of 0644.
• nginx is able to read from /usr/local/www/nginx/myhostname.com/.well-known/acme-challenge/, a GET returns the file written there.

So, there's no reason for acme.sh to try to chown the user and group of the file written, or recursively of the whole .well-known/acme-challenge/.

[edrozenberg]

Same issue here and had no clue what to do since the error message gives no useful info about the issue.

Also unfortunate that this script's switch to using ZeroSSL is causing significantly slower issuance, timeouts and uninformative errors.

[lpvm]

zerossl.com says, after logging in, that "We were experiencing delays in issuing 90-day and 1-year certificates."