From 8482ac5144719eb468a8c71978feff3982951488 Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sat, 27 Aug 2022 17:22:23 -0400
Subject: [PATCH] give certbot access to /etc/nginx/ocsp-cache

---
 systemd/system/certbot-renew.service.d/local.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systemd/system/certbot-renew.service.d/local.conf b/systemd/system/certbot-renew.service.d/local.conf
index ee7590b..2b6bb03 100644
--- a/systemd/system/certbot-renew.service.d/local.conf
+++ b/systemd/system/certbot-renew.service.d/local.conf
@@ -18,7 +18,7 @@ ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectProc=invisible
 ProtectSystem=strict
-ReadWritePaths=/etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt -/srv/certbot
+ReadWritePaths=/etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt -/srv/certbot /etc/nginx/ocsp-cache
 RemoveIPC=true
 RestrictAddressFamilies=AF_INET AF_INET6
 RestrictNamespaces=true