[Letsencrypt-devel] Bug#845459: Bug#845459: certbot: Private keys are stored with world readable

Harlan Lieberman-Berg hlieberman at debian.org
Thu Nov 24 00:01:18 UTC 2016


severity 845459 normal
merge 819107 845459
thanks

Nikolaus Rath <Nikolaus at rath.org> writes:
> Certbot from jessie-backports stores private keys
> (/etc/letsencrypt/archive/*/privkey*.pem) world readable (with 0644
> permissions). It seems to me they really ought to be 0600 instead.

Hello!

Thank you for this report.  This is a known issue, but doesn't have any
impact on security; the directory the keys are in is chmod 700.  We
eventually plan to migrate to the Debian /etc/ssl style structure,
including permissions, however this requires a lot of work and isn't
immediately a priority.

Sincerely,
-- 
Harlan Lieberman-Berg
~hlieberman
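
The reply above rests on the point that a 0644 key file is only readable by other users if every directory above it is also traversable by them. The following is an added example, not part of the original message and not certbot or Debian code; it checks classic mode bits only (no ACLs), and the tree it builds (archive/example.org/privkey1.pem) is a constructed stand-in for the layout named in the report:

```python
import os
import stat
import tempfile


def other_can_read(path, root="/"):
    """Return (reachable, blocker) for users who are neither owner nor group.

    The file needs o+r and every ancestor directory up to `root` needs o+x.
    `blocker` is the first path whose mode bits deny access, else None.
    """
    path, root = os.path.realpath(path), os.path.realpath(root)
    if not os.stat(path).st_mode & stat.S_IROTH:
        return False, path
    parent = os.path.dirname(path)
    while True:
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            return False, parent
        if parent == root or parent == os.path.dirname(parent):
            return True, None
        parent = os.path.dirname(parent)


def build_sample_tree(base, archive_mode):
    """Constructed layout: base/archive/example.org/privkey1.pem (0644)."""
    archive = os.path.join(base, "archive")
    lineage = os.path.join(archive, "example.org")
    os.makedirs(lineage)
    key = os.path.join(lineage, "privkey1.pem")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(key, 0o644)
    os.chmod(lineage, 0o755)
    os.chmod(archive, archive_mode)
    os.chmod(base, 0o755)
    return key


if __name__ == "__main__":
    for mode in (0o700, 0o755):
        with tempfile.TemporaryDirectory() as base:
            key = build_sample_tree(base, mode)
            reachable, blocker = other_can_read(key, root=base)
            print(f"archive {mode:o}: reachable={reachable} blocker={blocker}")
```

The second case shows what the 0700 directory is guarding against: if a later change relaxes the directory mode, the 0644 key becomes readable, which 0600 on the file itself would prevent.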


