Certbot: make cert.pem files publicly readable

Would there be any security concerns about making cert.pem files world readable?

You could do something like soft link the active certs to a world-readable dir under /etc/letsencrypt.

My use case is to allow users to check cert status without elevating permissions.

I may do that on my own but would appreciate any thoughts on security issues.

Thanks.

The certificates are already actual-world readable, so no security issues. Just be sure not to expose the private keys. An alternative is that you could provide a tool that checks the endpoint the certificate is installed on instead, or links to crt.sh for given domains. There are a lot of ways to do this.

Making the directory readable could expose access to the private key file.

Not with the implementation idea of symlinking the cert to a readable directory.
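For the symlink layout discussed in this thread, one way to check that a world-readable directory publishes certificates only and never a private key. This is an added example, not part of any post above; the function name `audit_public_certs`, the directory layout and the demo files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Audits a directory that publishes
# certificates to unprivileged users. Symlinks are followed, because what
# matters is the content a user ends up reading, not the link's name.
# Prints one line per problem; returns 0 when clean, 1 otherwise.
audit_public_certs() {
    dir=$1
    rc=0
    for f in "$dir"/*; do
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            echo "DANGLING $f"; rc=1; continue
        fi
        [ -f "$f" ] || continue            # unmatched glob or subdirectory
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "PRIVATE-KEY $f"; rc=1    # covers RSA/EC/ENCRYPTED variants
        elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            echo "NOT-A-CERT $f"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo data (placeholder PEM bodies, not real key material).
demo=$(mktemp -d)
mkdir "$demo/src" "$demo/pub"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/src/cert.pem"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$demo/src/privkey.pem"
ln -s "$demo/src/cert.pem" "$demo/pub/example.org.pem"
audit_public_certs "$demo/pub" && echo "clean: only the certificate is linked"
ln -s "$demo/src/privkey.pem" "$demo/pub/mistake.pem"   # simulated slip
audit_public_certs "$demo/pub" || echo "audit flagged the key link"
rm -rf "$demo"
```

Run as root, the audit reads every link target regardless of file mode; run as an unprivileged user, an unreadable target is reported as `NOT-A-CERT`.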
