Obviously, the resulting files have been put into /etc/letsencrypt/archive/…
When looking into that directory, I saw that all files in there are world readable. While this might be OK for CSRs, certificates and chains, it probably is a serious problem for private keys. What do you think about it?
You are right, I had not noticed the parent directory’s permission yet. Nevertheless, wouldn’t it add some extra security if you made these files readable by root only?
Thank you very much for your fast answer (never got a reply so fast …)!
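The two points raised in this thread (the mode of the key file itself and the permission of the directories above it) can be checked together. The script below is an added example, not part of the original posts and not code from the Let's Encrypt client; the `privkey*.pem` filename pattern and the function names are assumptions made for illustration.

```python
import os
import stat
import sys

def blocking_dir(path, top="/"):
    """First directory from `top` down to the file's parent that lacks the
    other-execute (search) bit, or None if all of them can be traversed."""
    top = os.path.realpath(top)
    parent = os.path.dirname(os.path.realpath(path))
    chain = []
    while True:
        chain.append(parent)
        if parent == top or parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    for directory in reversed(chain):  # check outermost directory first
        if not os.stat(directory).st_mode & stat.S_IXOTH:
            return directory
    return None

def audit_keys(root, top="/"):
    """Return (path, mode, blocker) for each privkey*.pem below `root`.
    The filename pattern is an assumption, not taken from the thread."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.startswith("privkey") and name.endswith(".pem"):
                path = os.path.join(dirpath, name)
                mode = stat.S_IMODE(os.stat(path).st_mode)
                results.append((path, mode, blocking_dir(path, top)))
    return results

def exposed(results):
    """Keys whose 'other' read bit is set and that no parent directory shields.
    Only the mode bits for 'other' are checked; groups and ACLs are not."""
    return [p for p, mode, blocker in results
            if mode & stat.S_IROTH and blocker is None]

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/etc/letsencrypt/archive"
    for path, mode, blocker in audit_keys(root):
        if not mode & stat.S_IROTH:
            status = "key not world-readable"
        elif blocker:
            status = "world-readable bit set, shielded by " + blocker
        else:
            status = "EXPOSED to all local users"
        print(f"{mode:04o} {path}: {status}")
```

A key reported as shielded depends entirely on the parent directory keeping its mode; making the key file itself readable by its owner only removes that dependency.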