Certbot: make cert.pem files publicly readable

Would there be any security concerns about making cert.pem files world readable?

You could do something like soft link the active certs to a world-readable dir under /etc/letsencrypt.

My use case is to allow users to check cert status without elevating permissions.

I may do that on my own but would appreciate any thoughts on security issues.


The certificates are already actual-world readable, so no security issues. Just be sure not to expose the private keys. An alternative is that you could provide a tool that checks the endpoint the certificate is installed on instead, or links to crt.sh for given domains. There are a lot of ways to do this.

Making the directory readable could expose access to the private key file.

Not with the implementation idea of symlinking the cert to a readable directory.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.