From bc7717ac262e94ef864b8041658283b9a99f6383 Mon Sep 17 00:00:00 2001
From: "Alexander A. Afonyashin" <firm@iname.com>
Date: Mon, 15 May 2017 13:24:58 +0300
Subject: [PATCH] Ensure that server key is readable only by owner

---
 acme.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/acme.sh b/acme.sh
index 7ce947ea..d689ea6a 100755
--- a/acme.sh
+++ b/acme.sh
@@ -4166,6 +4166,7 @@ _installcert() {
       cp "$_real_key" "$_backup_path/key.bak"
     fi
     cat "$CERT_KEY_PATH" >"$_real_key"
+    chmod go-rwx "$_real_key"
   fi
 
   if [ "$_real_fullchain" ]; then