Daniel Micay
|
27aca7474c
|
drop no-op RemoveIPC
|
2023-06-10 20:42:37 -04:00 |
|
Daniel Micay
|
dfd3fc861b
|
avoid disallowing chown syscall for certbot-renew
|
2022-09-14 18:29:12 -04:00 |
|
Daniel Micay
|
ef1a26b68c
|
certbot-renew: make nginx ocsp-cache dir optional
|
2022-08-28 15:46:33 -04:00 |
|
Daniel Micay
|
fd397326ec
|
add chown to certbot syscall allowlist
|
2022-08-28 14:58:21 -04:00 |
|
Daniel Micay
|
8482ac5144
|
give certbot access to /etc/nginx/ocsp-cache
|
2022-08-27 17:22:23 -04:00 |
|
Daniel Micay
|
2cf0966847
|
properly override ExecStart
|
2022-08-27 17:19:42 -04:00 |
|
Daniel Micay
|
2a33c3b962
|
initial certbot-renew service hardening
This doesn't switch to using a dedicated certbot user yet since the
hooks used across the services will all still need to work.
|
2022-08-10 11:32:48 -04:00 |
|
Daniel Micay
|
5bbaecfce9
|
disable redundant random sleep for certbot renewal
|
2022-08-10 11:28:18 -04:00 |
|