Commit Graph

12 Commits

Author SHA1 Message Date
Tommy
6fc45525d9 Add NoNewPrivileges=true for certbot 2024-06-24 11:55:59 -04:00
Daniel Micay
2e7058e9c4 replace certbot log rotation with logrotate 2024-02-13 12:38:14 -05:00
Daniel Micay
90411f367c update OCSP cache path for certbot-renew.service 2023-09-02 15:07:28 -04:00
Daniel Micay
37bf4935f1 drop mail server specific certbot configuration
The mail server is now using the webroot authentication method via nginx
due to moving the MTA-STS web service to the mail server.
2023-06-30 15:47:33 -04:00
Daniel Micay
27aca7474c drop no-op RemoveIPC 2023-06-10 20:42:37 -04:00
Daniel Micay
dfd3fc861b avoid disallowing chown syscall for certbot-renew 2022-09-14 18:29:12 -04:00
Daniel Micay
ef1a26b68c certbot-renew: make nginx ocsp-cache dir optional 2022-08-28 15:46:33 -04:00
Daniel Micay
fd397326ec add chown to certbot syscall allowlist 2022-08-28 14:58:21 -04:00
Daniel Micay
8482ac5144 give certbot access to /etc/nginx/ocsp-cache 2022-08-27 17:22:23 -04:00
Daniel Micay
2cf0966847 properly override ExecStart 2022-08-27 17:19:42 -04:00
Daniel Micay
2a33c3b962 initial certbot-renew service hardening
This doesn't switch to using a dedicated certbot user yet since the
hooks used across the services will all still need to work.
2022-08-10 11:32:48 -04:00
Daniel Micay
5bbaecfce9 disable redundant random sleep for certbot renewal 2022-08-10 11:28:18 -04:00