Description of problem: After update to certbot 0.34.2.-3.el7.noarch @epel on 10th July 2019 I get the following repeated selinux error when certbot did its weekly renew run: SELinux is preventing /usr/sbin/httpd from write access on the file /etc/letsencrypt/.certbot.lock. For complete SELinux messages run: sealert -l c02cc5cd-c024-43fa-8148-1ba529733dfc Version-Release number of selected component (if applicable): certbot 0.34.2.-3.el7.noarc How reproducible: Install current CentOS 7 updates from epel. Actual results: selinux blocks certbot renew after the above update. Expected results: certbot allowed to do it's weekly scheduled renew without being blocked by selinux. Additional info: OS is CentOS 7 running on DigitalOcean VM I applied the command suggested by cockpit: Allow this access for now by executing: # ausearch -c 'httpd' --raw | audit2allow -M my-httpd # semodule -i my-httpd.pp After that I don't get the selinux error when doing a manual renew. So I assume that the next shceduled one will be ok.
This appears to be a duplicate of #1586352. Tracking further progress there. *** This bug has been marked as a duplicate of bug 1586352 ***