Let's Encrypt
Miroslav Lachman
000.fbsd at quip.cz
Tue Sep 10 09:20:11 UTC 2019
Victor Sudakov wrote on 2019/09/10 02:52:
> Trond Endrestøl wrote:
>>
>> #minute hour mday month wday who command
>>
>> 52 4 1 * * root certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start"
>> 52 1 15 * * root certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start"
>
> Is it safe to run certbot as root?
I cannot recommend to run things like this as root. I am using acme.sh
running as unprivileged user and only the deployment of the new /
renewed key is run as root through sudo. I don't know certbot well,
acme.sh allows to use shell scripts as hooks for actions like deployment
so it was really simple to separate cert signing and deployment of new cert.
Kind regards
Miroslav Lachman
More information about the freebsd-security
mailing list