Re: [chrony-users] Re: NTS Server Setup with Let's Encrypt

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-users Archives ]

To: chrony-users@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-users] Re: NTS Server Setup with Let's Encrypt
From: James Cloos <cloos@xxxxxxxxxxx>
Date: Sun, 20 Apr 2025 09:43:24 -0400
Copyright: Copyright 2025 James Cloos
Face: iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAgMAAABinRfyAAAACVBMVEX///8ZGXBQKKnCrDQ3 AAAAJElEQVQImWNgQAAXzwQg4SKASgAlXIEEiwsSIYBEcLaAtMEAADJnB+kKcKioAAAAAElFTkSu QmCC
Openpgp: 0x997A9F17ED7DAEA6; url=https://jhcloos.com/public_key/0x997A9F17ED7DAEA6.asc
Openpgp-fingerprint: E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6

> What would be the correct way of giving chrony permissions to read the
> certificate files created by certbot, without breaking the web server?

i would have expected that setfacl(1) call to work, but you could try
adding _chrony to the ssl-cert group.  if you are using debian's
packaging of certbot the certs should be in group ssl-cert and should
be group readable.

-JimC
-- 
James Cloos <cloos@xxxxxxxxxxx>
            OpenPGP: https://jhcloos.com/0x997A9F17ED7DAEA6.asc

-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

References:
- [chrony-users] NTS Server Setup with Let's Encrypt
  - From: Sviatoslav Feshchenko
- [chrony-users] Re: NTS Server Setup with Let's Encrypt
  - From: Sviatoslav Feshchenko

Messages sorted by: [ date | thread ]
Prev by Date: [chrony-users] Re: NTS Server Setup with Let's Encrypt
Next by Date: Re: [chrony-users] Re: NTS Server Setup with Let's Encrypt
Previous by thread: [chrony-users] Re: NTS Server Setup with Let's Encrypt
Next by thread: Re: [chrony-users] Re: NTS Server Setup with Let's Encrypt

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/