From 4b70d690292bdb2885ff2011598901fbe2364658 Mon Sep 17 00:00:00 2001 From: Lucas Rolff Date: Sun, 17 Jan 2016 12:46:24 +0100 Subject: [PATCH 1/2] Chown directories to parent - You might configure web-servers to not allow reading files owned by root (or user you execute as), modified script to try chowning the .well-known recursively - If you do not have chown rights it will work anyway --- le.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/le.sh b/le.sh index a230e39..e7ae549 100755 --- a/le.sh +++ b/le.sh @@ -537,6 +537,11 @@ issue() { mkdir -p "$wellknown_path" echo -n "$keyauthorization" > "$wellknown_path/$token" + + webroot_owner=$(stat -c '%U' $Le_Webroot) + _debug "Changing owner of .well-known to $webroot_owner" + chown -R $webroot_owner. "$Le_Webroot/.well-known" + fi wellknown_url="http://$d/.well-known/acme-challenge/$token" _debug wellknown_url "$wellknown_url" From edcbe247cff9164cf4bf1f9aa5ab63ab9975ca9a Mon Sep 17 00:00:00 2001 From: Lucas Rolff Date: Wed, 20 Jan 2016 19:05:46 +0100 Subject: [PATCH 2/2] Also changing group of .well-known directory --- le.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/le.sh b/le.sh index e7ae549..a177094 100755 --- a/le.sh +++ b/le.sh @@ -538,9 +538,9 @@ issue() { mkdir -p "$wellknown_path" echo -n "$keyauthorization" > "$wellknown_path/$token" - webroot_owner=$(stat -c '%U' $Le_Webroot) - _debug "Changing owner of .well-known to $webroot_owner" - chown -R $webroot_owner. "$Le_Webroot/.well-known" + webroot_owner=$(stat -c '%U:%G' $Le_Webroot) + _debug "Changing owner/group of .well-known to $webroot_owner" + chown -R $webroot_owner "$Le_Webroot/.well-known" fi wellknown_url="http://$d/.well-known/acme-challenge/$token"
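Review bot: The added `stat` and `chown` lines in PATCH 1/2 expand `$Le_Webroot` and `$webroot_owner` unquoted, so a webroot path containing spaces or glob characters is word-split. If `stat` fails (for example on a system whose `stat` has no `-c` option), the owner is empty and `chown` reads the path as its owner operand. Quote both and skip the chown when no owner was obtained: `webroot_owner=$(stat -c '%U' "$Le_Webroot")` and `[ -n "$webroot_owner" ] && chown -R "$webroot_owner". "$Le_Webroot/.well-known"`. The same unquoted expansions are carried into the `%U:%G` version in PATCH 2/2. The body of `issue()` starts and ends outside the hunk, so any later handling of the failure is not visible here.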
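Review bot: In PATCH 2/2, `chown -R` over `$Le_Webroot/.well-known` re-owns everything under that directory rather than only the paths this block created. It runs with the script's own privileges (possibly root, going by the first commit message) inside a tree the webroot owner can presumably write to. Limiting the call to the created paths and passing `-h`, so that a symlink is changed itself rather than its target, keeps the operation narrow: `chown -h "$webroot_owner" "$Le_Webroot/.well-known" "$wellknown_path" "$wellknown_path/$token"`. The first commit message says the script works without chown rights, but the hunk records nothing when the call fails; `|| _debug "chown of .well-known failed"` would make that visible. `issue()` continues outside the hunk.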