EDIT: Gr33nDrag0n rewrote his tutorial, including some of the following hints. So, if you follow his tutorial step-by-step, everything should run fine and you should not have to do any of the stuff I write here
Hey Gr33nDrag0n, great tutorial, thanks! There are two problems if you run lisk not as root, but as normal user though.
1. (I'm not totally sure if this step is really necessary, maybe someone could confirm?)
The certificate is not readable because the rights of the directories in /etc/letsencrypt/ prevent regular users from reading the content. I made them readable by executing the following command:
sudo chown -R <user>:<user> /etc/letsencrypt/ (replace <user> with your own username)
2. Regular non-root users don't have access to ports below 1024. SSL uses port 443, which is not accessible by a regular user. I solved this by redirecting traffic (with iptables rules) to the ssl port 443 to a unused port higher 1024 and let lisk work on this new higher port .
a) add following rules to your firewall:
sudo iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8061
(you can replace 8061 by your own port, higher 1024)
b) modify config.json:
then restart your firewall and lisk and "https://<YOUR_DOMAIN>" should work