Package: acmetool
Version: 0.0.62-2
Severity: important
If you configure a combined key + certificate file ("haproxy" option), the
generated file always has an UID/GID of root/root directly after renewal.
This is auto-corrected to the desired UID/GID in the next acmetool run, i.e.
usually next day, but if you restart the service using the combined file in the
meantime, it will be unable to use the certificate.
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8),
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages acmetool depends on:
ii libc6 2.27-3
ii libcap2 1:2.25-1.2
Versions of packages acmetool recommends:
pn dialog <none>
acmetool suggests no packages.
-- no debconf information
