From a464afdf71e8061e2f2115925276bf7fa76ce74a Mon Sep 17 00:00:00 2001
From: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
Date: Sun, 10 Apr 2016 02:45:29 +0200
Subject: [PATCH] Adjust permissions of certificates

For the internal store of certificates in the configuration directory, a
permission of user read only is absolutely sufficient

Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
---
 acertmgr.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/acertmgr.py b/acertmgr.py
index 0bf755f..4343f2e 100755
--- a/acertmgr.py
+++ b/acertmgr.py
@@ -15,6 +15,7 @@ import os
 import pwd
 import shutil
 import subprocess
+import stat
 import tempfile
 import yaml
 
@@ -107,6 +108,7 @@ def cert_get(domains, settings):
 		if cert_isValid(crt_file, 60):
 			crt_final = os.path.join(ACME_DIR, ("%s.crt" % domain))
 			shutil.copy2(crt_file, crt_final)
+			os.chmod(crt_final, stat.S_IREAD)
 
 	finally:
 		if settings['mode'] == 'standalone':