From 185b872d3e8474f6324e96e2658c7bc7769164bb Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 19 May 2017 22:03:45 +0100
Subject: [PATCH] letsencrypt permissions when renewing

---
 src/freedombone-addcert | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/freedombone-addcert b/src/freedombone-addcert
index 91c27e56..fb975c9b 100755
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -232,9 +232,14 @@ function add_cert_letsencrypt {
     # stop the web server
     systemctl stop nginx
 
+    chgrp -R root /etc/letsencrypt
+    chmod -R 777 /etc/letsencrypt
+
     certbot certonly -n --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME --renew-by-default --agree-tos --email $MY_EMAIL_ADDRESS
     if [ ! "$?" = "0" ]; then
         echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
+        chgrp -R ssl-cert /etc/letsencrypt
+        chmod -R g=rX /etc/letsencrypt
         systemctl start nginx
         exit 63216
     fi