New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Debian: Make live directory readable by ssl-cert group #1425

Open
cweiske opened this Issue Nov 8, 2015 · 4 comments

Comments

Projects
None yet
8 participants
@cweiske
Copy link

cweiske commented Nov 8, 2015

On Debian, programs that run as non-root have the group ssl-cert, for example ejabberd.

The /etc/letsencrypt/live is only readable by root and nobody else. This directory should be readable and executable by the ssl-cert group.

@pastukhov

This comment has been minimized.

Copy link

pastukhov commented Nov 9, 2015

Same for me.
I have node-red installation that running from dedicated user.

@NEOatNHNG

This comment has been minimized.

Copy link

NEOatNHNG commented Nov 9, 2015

+1 But you also have to make archive readable for the ssl-cert group as the live directory only contains symlinks

mikeashley added a commit to mikeashley/sovereign that referenced this issue Jan 17, 2016

Update prosody to use LE certs directly
Don't copy the LE certificates.  Instead use the ssl-cert group to
manage access to the LE certificates directly.  See
certbot/certbot#1425 for a request to
have the LE client do this itself.

mikeashley added a commit to mikeashley/sovereign that referenced this issue Feb 21, 2016

Update prosody to use LE certs directly
Don't copy the LE certificates.  Instead use the ssl-cert group to
manage access to the LE certificates directly.  See
certbot/certbot#1425 for a request to
have the LE client do this itself.
@shr3k

This comment has been minimized.

Copy link

shr3k commented Mar 7, 2017

👍

@clawoflight

This comment has been minimized.

Copy link

clawoflight commented Jan 27, 2018

Please add this!

@sydneyli sydneyli added this to the 2.0 milestone Sep 19, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment