Letsencrypt directory permissions


#1

Hello,

I had to reset my server for some reasons. Before doing that I wanted to archive the letsEncrypt directory (full including all subdirectories) to my local machine. Because it did not have the requisite permissions to apply the scp command, I changed the permissions to 777 for all files … Yes, I know :slight_smile: .

Now I have set up my server and was able to renew the old certificate. However, I would like to set the permissions back to what they were.

Can anyone help me with that information. I guess they will be different for different subdirectories and the files in them.

Thanks,

RR


#2

Not sure if this is what you’re looking for, but here’s the default permissions on a fresh Docker container with a single certificate:

root@3cf7a3977c8e:/# find /etc/letsencrypt -printf "%p %m \n" 
/etc/letsencrypt 755 
/etc/letsencrypt/renewal 755 
/etc/letsencrypt/renewal/a.foo.monkas.xyz.conf 644 
/etc/letsencrypt/keys 700 
/etc/letsencrypt/keys/0000_key-certbot.pem 600 
/etc/letsencrypt/csr 755 
/etc/letsencrypt/csr/0000_csr-certbot.pem 644 
/etc/letsencrypt/archive 700 
/etc/letsencrypt/archive/a.foo.monkas.xyz 755 
/etc/letsencrypt/archive/a.foo.monkas.xyz/fullchain1.pem 644 
/etc/letsencrypt/archive/a.foo.monkas.xyz/privkey1.pem 644 
/etc/letsencrypt/archive/a.foo.monkas.xyz/cert1.pem 644 
/etc/letsencrypt/archive/a.foo.monkas.xyz/chain1.pem 644 
/etc/letsencrypt/live 700 
/etc/letsencrypt/live/a.foo.monkas.xyz 755 
/etc/letsencrypt/live/a.foo.monkas.xyz/chain.pem 777 
/etc/letsencrypt/live/a.foo.monkas.xyz/cert.pem 777 
/etc/letsencrypt/live/a.foo.monkas.xyz/fullchain.pem 777 
/etc/letsencrypt/live/a.foo.monkas.xyz/README 644 
/etc/letsencrypt/live/a.foo.monkas.xyz/privkey.pem 777 
/etc/letsencrypt/accounts 700 
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org 700 
/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory 700 
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org 700 
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory 700 
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/e1467f29cab81b749462b47b2cf3a9db 700 
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/e1467f29cab81b749462b47b2cf3a9db/private_key.json 400 
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/e1467f29cab81b749462b47b2cf3a9db/regr.json 644 
/etc/letsencrypt/accounts/acme-staging.api.letsencrypt.org/directory/e1467f29cab81b749462b47b2cf3a9db/meta.json 644 
/etc/letsencrypt/renewal-hooks 755 
/etc/letsencrypt/renewal-hooks/post 755 
/etc/letsencrypt/renewal-hooks/pre 755 
/etc/letsencrypt/renewal-hooks/deploy 755

#3

Yes. Fantastic. Many thanks _az


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.