From ef1a26b68caccd0e648f30caccecf1c8a79697fc Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sun, 28 Aug 2022 15:46:33 -0400 Subject: [PATCH] certbot-renew: make nginx ocsp-cache dir optional --- systemd/system/certbot-renew.service.d/local.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/system/certbot-renew.service.d/local.conf b/systemd/system/certbot-renew.service.d/local.conf index 3cb4f9b..194fd22 100644 --- a/systemd/system/certbot-renew.service.d/local.conf +++ b/systemd/system/certbot-renew.service.d/local.conf @@ -18,7 +18,7 @@ ProtectKernelModules=true ProtectKernelTunables=true ProtectProc=invisible ProtectSystem=strict -ReadWritePaths=/etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt -/srv/certbot /etc/nginx/ocsp-cache +ReadWritePaths=/etc/letsencrypt /var/lib/letsencrypt /var/log/letsencrypt -/srv/certbot -/etc/nginx/ocsp-cache RemoveIPC=true RestrictAddressFamilies=AF_INET AF_INET6 RestrictNamespaces=true