From 14b1d2d72b2ea0c1d10ac9d5b81dd60e8aa5acc4 Mon Sep 17 00:00:00 2001 From: Zach Shepherd Date: Thu, 8 Jun 2017 15:44:38 -0700 Subject: [PATCH] Explicitly mention the permissions warning and chmod 600 --- .../certbot_dns_cloudflare/__init__.py | 9 +++++++++ certbot-dns-cloudxns/certbot_dns_cloudxns/__init__.py | 9 +++++++++ .../certbot_dns_digitalocean/__init__.py | 9 +++++++++ certbot-dns-dnsimple/certbot_dns_dnsimple/__init__.py | 9 +++++++++ certbot-dns-google/certbot_dns_google/__init__.py | 9 +++++++++ 5 files changed, 45 insertions(+) diff --git a/certbot-dns-cloudflare/certbot_dns_cloudflare/__init__.py b/certbot-dns-cloudflare/certbot_dns_cloudflare/__init__.py index b6a97c762..7e53f83ce 100644 --- a/certbot-dns-cloudflare/certbot_dns_cloudflare/__init__.py +++ b/certbot-dns-cloudflare/certbot_dns_cloudflare/__init__.py @@ -16,6 +16,7 @@ Named Arguments (Default: 10) ======================================== ===================================== + Credentials ----------- @@ -43,6 +44,14 @@ to this file for use during renewal, but does not store the file's contents. new certificates or revoke existing certificates for associated domains, even if those domains aren't being managed by this server. +Certbot will emit a warning if it detects that the credentials file can be +accessed by other users on your system. The warning reads "Unsafe permissions +on credentials configuration file", followed by the path to the credentials +file. This warning will be emitted each time Certbot uses the credentials file, +including for renewal, and cannot be silenced except by addressing the issue +(e.g., by using a command like ``chmod 600`` to restrict access to the file). + + Examples -------- diff --git a/certbot-dns-cloudxns/certbot_dns_cloudxns/__init__.py b/certbot-dns-cloudxns/certbot_dns_cloudxns/__init__.py index 7260612cd..6957b9cc3 100644 --- a/certbot-dns-cloudxns/certbot_dns_cloudxns/__init__.py +++ b/certbot-dns-cloudxns/certbot_dns_cloudxns/__init__.py @@ -16,6 +16,7 @@ Named Arguments (Default: 30) ======================================== ===================================== + Credentials ----------- @@ -43,6 +44,14 @@ to this file for use during renewal, but does not store the file's contents. certificates or revoke existing certificates for associated domains, even if those domains aren't being managed by this server. +Certbot will emit a warning if it detects that the credentials file can be +accessed by other users on your system. The warning reads "Unsafe permissions +on credentials configuration file", followed by the path to the credentials +file. This warning will be emitted each time Certbot uses the credentials file, +including for renewal, and cannot be silenced except by addressing the issue +(e.g., by using a command like ``chmod 600`` to restrict access to the file). + + Examples -------- diff --git a/certbot-dns-digitalocean/certbot_dns_digitalocean/__init__.py b/certbot-dns-digitalocean/certbot_dns_digitalocean/__init__.py index 7565a3725..3ab8df041 100644 --- a/certbot-dns-digitalocean/certbot_dns_digitalocean/__init__.py +++ b/certbot-dns-digitalocean/certbot_dns_digitalocean/__init__.py @@ -17,6 +17,7 @@ Named Arguments (Default: 10) ========================================== =================================== + Credentials ----------- @@ -43,6 +44,14 @@ path to this file for use during renewal, but does not store the file's contents new certificates or revoke existing certificates for associated domains, even if those domains aren't being managed by this server. +Certbot will emit a warning if it detects that the credentials file can be +accessed by other users on your system. The warning reads "Unsafe permissions +on credentials configuration file", followed by the path to the credentials +file. This warning will be emitted each time Certbot uses the credentials file, +including for renewal, and cannot be silenced except by addressing the issue +(e.g., by using a command like ``chmod 600`` to restrict access to the file). + + Examples -------- diff --git a/certbot-dns-dnsimple/certbot_dns_dnsimple/__init__.py b/certbot-dns-dnsimple/certbot_dns_dnsimple/__init__.py index 1f5a6cbe4..f8a2e83aa 100644 --- a/certbot-dns-dnsimple/certbot_dns_dnsimple/__init__.py +++ b/certbot-dns-dnsimple/certbot_dns_dnsimple/__init__.py @@ -16,6 +16,7 @@ Named Arguments (Default: 30) ======================================== ===================================== + Credentials ----------- @@ -42,6 +43,14 @@ to this file for use during renewal, but does not store the file's contents. new certificates or revoke existing certificates for associated domains, even if those domains aren't being managed by this server. +Certbot will emit a warning if it detects that the credentials file can be +accessed by other users on your system. The warning reads "Unsafe permissions +on credentials configuration file", followed by the path to the credentials +file. This warning will be emitted each time Certbot uses the credentials file, +including for renewal, and cannot be silenced except by addressing the issue +(e.g., by using a command like ``chmod 600`` to restrict access to the file). + + Examples -------- diff --git a/certbot-dns-google/certbot_dns_google/__init__.py b/certbot-dns-google/certbot_dns_google/__init__.py index 362c6d8ce..228adafcf 100644 --- a/certbot-dns-google/certbot_dns_google/__init__.py +++ b/certbot-dns-google/certbot_dns_google/__init__.py @@ -17,6 +17,7 @@ Named Arguments (Default: 60) ======================================== ===================================== + Credentials ----------- @@ -55,6 +56,14 @@ to this file for use during renewal, but does not store the file's contents. challenge to acquire new certificates or revoke existing certificates for domains these credentials are authorized to manage. +Certbot will emit a warning if it detects that the credentials file can be +accessed by other users on your system. The warning reads "Unsafe permissions +on credentials configuration file", followed by the path to the credentials +file. This warning will be emitted each time Certbot uses the credentials file, +including for renewal, and cannot be silenced except by addressing the issue +(e.g., by using a command like ``chmod 600`` to restrict access to the file). + + Examples --------