[Letsencrypt-devel] Bug#845459: Bug#845459: certbot: Private keys are stored with world readable
Harlan Lieberman-Berg
hlieberman at debian.org
Thu Nov 24 00:01:18 UTC 2016
severity 845459 normal
merge 819107 845459
thanks
Nikolaus Rath <Nikolaus at rath.org> writes:
> Certbot from jessie-backports stores private keys
> (/etc/letsencrypt/archive/*/privkey*.pem) world readable (with 0644
> permissions). It seems to me they really ought to be 0600 instead.
Hello!
Thank you for this report. This is a known issue, but doesn't have any
impact on security; the directory the keys are in is chmod 700. We
eventually plan to migrate to the Debian /etc/ssl style structure,
including permissions; however, this requires a lot of work and isn't
immediately a priority.
Sincerely,
--
Harlan Lieberman-Berg
~hlieberman
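
The argument in this thread, a 0644 key that is shielded only by a 0700 directory above it, can be checked mechanically. The following is an added example, not code from Certbot or from either poster: `other_can_read`, its `root` parameter and the `demo` tree (including the name `example.org` and which directory level carries 0700) are constructed for illustration. It looks at mode bits only and ignores ACLs, hard links and already-open file descriptors.

```python
import os
import stat
import tempfile


def other_can_read(path, root="/"):
    """Return (exposed, blocker) judged from mode bits only.

    exposed: True when the file has o+r and every directory from `root`
             down to the file grants o+x (search) to "other".
    blocker: first directory on that path lacking o+x, else None.
    """
    path, root = os.path.realpath(path), os.path.realpath(root)
    if os.path.commonpath([path, root]) != root:
        raise ValueError(f"{path} is not under {root}")
    dirs, d = [], os.path.dirname(path)
    while True:                      # collect ancestors, file's parent first
        dirs.append(d)
        parent = os.path.dirname(d)
        if d == root or parent == d:
            break
        d = parent
    blocker = next((d for d in reversed(dirs)
                    if not os.stat(d).st_mode & stat.S_IXOTH), None)
    readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    return readable and blocker is None, blocker


def demo():
    """Constructed tree mirroring the report: 0644 key under a 0700 directory."""
    base = os.path.realpath(tempfile.mkdtemp())
    archive = os.path.join(base, "archive")
    site = os.path.join(archive, "example.org")   # constructed name
    os.makedirs(site)
    key = os.path.join(site, "privkey1.pem")
    with open(key, "w") as fh:
        fh.write("constructed placeholder, not a key\n")
    for p, mode in ((base, 0o755), (archive, 0o700), (site, 0o755), (key, 0o644)):
        os.chmod(p, mode)
    results = {"as_reported": other_can_read(key, root=base)}
    os.chmod(archive, 0o755)          # the only protecting layer is loosened
    results["dir_opened"] = other_can_read(key, root=base)
    os.chmod(key, 0o600)              # file mode the reporter suggests
    results["key_0600"] = other_can_read(key, root=base)
    return archive, results


if __name__ == "__main__":
    for name, outcome in demo()[1].items():
        print(name, outcome)
```

The middle case shows what the 0600 file mode adds: with 0644 the key is exposed as soon as the directory mode changes, while with 0600 it is not.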