Forum
Using certbot in place of extras/letsencrypt
chris
22 April 2018, 15:03
Hello Hugo:
I have used Hiawatha for over a decade with great success for non-ssl sites. Now I am using it for ssl sites but I do not use php, so your letsencrypt script is not avaiable to me. I used the recommended certbot program to obtain the certificate files but I saw errors in the system log file due to hiawatha not starting when I tried to use the fullchain.pem and privkey.pem files alone. So I concatenated them and Hiawatha is now happy reading the merged file.
My question is: are there security implications to doing this? All .pem files are owned by root with no group or world access.
Thanks, Chris
I have used Hiawatha for over a decade with great success for non-ssl sites. Now I am using it for ssl sites but I do not use php, so your letsencrypt script is not avaiable to me. I used the recommended certbot program to obtain the certificate files but I saw errors in the system log file due to hiawatha not starting when I tried to use the fullchain.pem and privkey.pem files alone. So I concatenated them and Hiawatha is now happy reading the merged file.
My question is: are there security implications to doing this? All .pem files are owned by root with no group or world access.
Thanks, Chris
chris
22 April 2018, 19:38
I answered my own question by rereading the TLScertFile parameter documentation where it states that both must be included in the single file.
Hugo Leisink
23 April 2018, 23:11
Hi Chris. No, if you protect the file containing the private key and certificate the same way you would protect a private key file, there are no security implications.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
