[BlueOnyx:22725] Re: invalid cert letsencrypt
Michael Stauber
mstauber at blueonyx.it
Mon Feb 25 12:09:06 -05 2019
Hi Tomohiro,
> For the purpose of debugging, we made the following changes.
>
> # diff -u /usr/sausalito/acme/acme.sh-00 /usr/sausalito/acme/acme.sh
> --- /usr/sausalito/acme/acme.sh-00 2019-02-25 00:30:04.372319351 +0900
> +++ /usr/sausalito/acme/acme.sh 2019-02-26 01:35:46.743599682 +0900
> @@ -4063,7 +4063,7 @@
>
> _debug wellknown_path "$wellknown_path"
>
> - _debug "writing token:$token to $wellknown_path/$token"
> + _debug "writing token:$token to $wellknown_path/$token umask:`umask`"
>
> mkdir -p "$wellknown_path"
>
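Review bot: On the changed _debug line the umask is only logged, so the mkdir -p "$wellknown_path" in the trailing context still creates the challenge directory under whatever umask the caller passed in (0027 in the log output quoted further down). If this is meant to outlive the debugging session, set the umask explicitly before that mkdir, for example umask 022 inside a subshell, and write the command substitution as $(umask) rather than backticks so it nests and quotes predictably.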
> # fgrep umask /var/log/letsencrypt/letsencrypt.log
> [Mon Feb 25 08:55:57 JST 2019] writing
> token:WZ07_OOEDRtIrOFksk7JlExUApqFuIauj1U_LYI6PRk to
> /home/.acme//.well-known/acme-challenge/WZ07_OOEDRtIrOFksk7JlExUApqFuIauj1U_LYI6PRk
> umask:0027
>
> Others read bit can not be set.
Nice catch. Thank you very much! I'll check where the umask comes from
and will publish an update to the acme-client. One thing is for sure:
The umask is different on 5207R/5208R than what it is on 5209R, where
this script works without any issues. I'll see what I can do.
--
With best regards
Michael Stauber
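
The failure mode found in this thread, as an added example (not part of the original message and not code from acme.sh or BlueOnyx): a token written under umask 0027 gets no read bit for others, so a web server that is neither owner nor group member cannot serve it. Function names and the temp path are made up for the demo, and GNU stat is assumed.

```shell
#!/bin/sh
# Added illustration; function names and paths are made up for this demo.
# Assumes GNU stat (stat -c), as found on CentOS-based systems.

mode_of() { stat -c '%a' "$1"; }   # octal mode, e.g. 640

# Writes the token with whatever umask the caller happens to have.
write_token() {                    # args: dir token content
  mkdir -p "$1" && printf '%s' "$3" > "$1/$2"
}

# Same write, but the umask is pinned in a subshell so the caller's
# own umask is left untouched.
write_token_pinned() {             # args: dir token content
  (
    umask 022
    mkdir -p "$1" && printf '%s' "$3" > "$1/$2"
  )
}

# Succeeds only if "others" may read the file and enter its directory.
# Only the immediate parent is checked; a full check walks every parent.
others_can_fetch() {               # arg: path to token file
  fm=$(mode_of "$1") || return 2
  dm=$(mode_of "$(dirname "$1")") || return 2
  [ $(( 0$fm & 4 )) -ne 0 ] && [ $(( 0$dm & 1 )) -ne 0 ]
}

# Constructed demo in a throwaway directory, both runs start at umask 0027.
demo_dir=$(mktemp -d) || exit 1
( umask 0027
  write_token "$demo_dir/inherited/.well-known/acme-challenge" tok constructed )
( umask 0027
  write_token_pinned "$demo_dir/pinned/.well-known/acme-challenge" tok constructed )
for c in inherited pinned; do
  p="$demo_dir/$c/.well-known/acme-challenge/tok"
  if others_can_fetch "$p"; then s="readable"; else s="NOT readable"; fi
  echo "$c: mode $(mode_of "$p") -> $s by others"
done
rm -rf "$demo_dir"
```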