[Letsencrypt-devel] Bug#859209: certbot: pem files should belong to group ssl-cert

Xavier Bestel xav at awak.mobi
Fri Mar 31 15:39:07 UTC 2017

Package: certbot
Version: 0.10.2-1
Severity: normal


Files generated by certbot (*.pem) aren't by default readable by applications - e.g. if I want to make cyrus use letsencrypt I can't.
I have to manually chgrp -R ssl-cert /etc/letsencrypt (and addgroup cyrus ssl-cert) but the former will be lost at the next certbot update.

Would it be possible to make the whole directory root.ssl-cert ?


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages certbot depends on:
ii  init-system-helpers  1.47
ii  python-certbot       0.10.2-1
pn  python:any           <none>

certbot recommends no packages.

Versions of packages certbot suggests:
ii  python-certbot-apache  0.10.2-1
pn  python-certbot-doc     <none>

-- no debconf information

More information about the Letsencrypt-devel mailing list