At first, thank you very much for your great service.
I just have successfully generated a certificate using the following command line:
./letsencrypt-auto certonly --standalone --renew-by-default --agree-tos --rsa-key-size 4096 -m … -d …
Obviously, the resulting files have been put into /etc/letsencrypt/archive/…
When looking into that directory, I saw that all files in there are world readable. While this might be OK for CSRs, certificates and chains, it probably is a serious problem for private keys. What do you think about it?
Thank you very much,