Victor Sudakov wrote on 2019/09/10 02:52:
Trond Endrestøl wrote:

#minute hour    mday    month   wday    who     command

52      4       1       *       *       root    certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start"
52      1       15      *       *       root    certbot renew --quiet --pre-hook "service apache24 stop" --post-hook "service apache24 start"

Is it safe to run certbot as root?

I cannot recommend running things like this as root. I am using acme.sh running as an unprivileged user, and only the deployment of the new / renewed key is run as root through sudo. I don't know certbot well; acme.sh allows using shell scripts as hooks for actions like deployment, so it was really simple to separate cert signing and deployment of the new cert.

Kind regards
Miroslav Lachman
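
The split described above (issuance as an unprivileged user, only deployment as root through sudo), sketched as an added example; it is not part of the original message and is not acme.sh or certbot code. The function names, the `acme` account, the paths and the `fullchain.pem` / `key.pem` file names are assumptions.

```shell
#!/bin/sh
# Added example: root-side deploy step, intended to be the only command the
# unprivileged ACME account may run through sudo, e.g. (assumed names):
#   acme ALL=(root) NOPASSWD: /usr/local/sbin/deploy-cert
# The staging directory is writable by that account, so root must treat
# everything in it as untrusted input.

# is_pem FILE MARKER: FILE is non-empty and its first line is a PEM header
# ending in MARKER (header check only; it does not parse the contents).
is_pem() {
    [ -s "$1" ] && head -n 1 "$1" | grep -q -e "^-----BEGIN .*$2-----\$"
}

# deploy_cert STAGE DEST
# Returns 0 on success, 1 if an input is rejected, 2 if a copy or rename fails.
# Nothing is installed unless both files pass.
deploy_cert() {
    stage=$1; dest=$2; rc=0
    old_umask=$(umask); umask 077          # root's copies are created 0600
    for f in fullchain.pem key.pem; do
        case $f in
            key.pem) marker="PRIVATE KEY" ;;
            *)       marker="CERTIFICATE" ;;
        esac
        src="$stage/$f"; tmp="$dest/.$f.new"
        # Refuse symlinks and non-regular files: a link could point root at
        # any file it is able to read.
        if [ -L "$src" ] || [ ! -f "$src" ]; then rc=1; break; fi
        rm -f "$tmp"
        cp "$src" "$tmp" || { rc=2; break; }
        # Validate root's private copy, which the staging user cannot swap.
        is_pem "$tmp" "$marker" || { rc=1; break; }
    done
    if [ "$rc" -eq 0 ]; then
        # Rename into place so the server never reads a half-written file.
        for f in fullchain.pem key.pem; do
            mv -f "$dest/.$f.new" "$dest/$f" || rc=2
        done
    fi
    rm -f "$dest/.fullchain.pem.new" "$dest/.key.pem.new"
    umask "$old_umask"
    return "$rc"
}

# As root (assumed paths):
#   deploy_cert /home/acme/stage /usr/local/etc/ssl/example \
#       && service apache24 restart
```
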

_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security