[SOLVED] Possible serious security problem (private keys accessible by everyone)


#1

At first, thank you very much for your great service.

I just have successfully generated a certificate using the following command line:

./letsencrypt-auto certonly --standalone --renew-by-default --agree-tos --rsa-key-size 4096 -m … -d …

Obviously, the resulting files have been put into /etc/letsencrypt/archive/…

When looking into that directory, I saw that all files in there are world readable. While this might be OK for CSRs, certificates and chains, it probably is a serious problem for private keys. What do you think about it?

Thank you very much,

Binarus


#2

Have a look at the permissions for the parent directory.


#3

You are right, I had not noticed the parent directory’s permission yet. Nevertheless, wouldn’t it add some extra security if you would make these files readable by root only?

Thank you very much for your fast answer (never got a reply so fast …)!


#4

This is being worked on, but there are some compatibility concerns.


#5

I see. Thank you very much as well!