Certbot fix for Debian-exim permissions

Submitted by Jeff on Fri, 30/03/2018 - 18:05
Forums

Simple fix after each certificate renewal:

chmod 755 -R /etc/letsencrypt/{archive,live}; chgrp -R Debian-exim /etc/letsencrypt/{archive,live}
service apache2 restart
service dovecot restart
service exim4 restart

 

 

 

Deprecated : Uses too many resources, but may be useful sometime:

Install and configure incrontab as described here https://forum.ff.co.za/forum-topic/inotify-incrontab, and add the below incrontab job to the correct Certificate Name.

First create or modify the script:

$ nano /usr/local/tools/certbot-fix.sh

#!/bin/bash
chmod 755 -R /etc/letsencrypt/{archive,live}; chgrp -R Debian-exim /etc/letsencrypt/{archive,live}
service exim4 restart
service dovecot restart

 

$ chmod 755 /usr/local/tools/certbot-fix.sh

Be sure to change the CN, below. E.g. Where $CN is /etc/letsencrypt/archive/waspa.org.za. No trailing slash!)

$ incrontab -e
/etc/letsencrypt/archive/$CN IN_CREATE /usr/local/tools/certbot-fix.sh

Note that the above command restarts exim4 and dovecot after an automatic certificate renewal. Currently tested, working, but not used in production, yet.

FF Tags
Category