From 8aae7d58b0fa851dbbb8c6bfa08a2d6bb7eda83b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rodolphe=20Br=C3=A9ard?= <rodolphe@what.tf>
Date: Sun, 13 Jun 2021 22:34:22 +0200
Subject: [PATCH] Change ProtectSystem to yes The strict mode was not adapted
 since it would prevent ACMEd to write http-01 challenge files inside the web
 server's directory.

---
 contrib/systemd/acmed.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/systemd/acmed.service b/contrib/systemd/acmed.service
index 2c7dafa..7a9271f 100644
--- a/contrib/systemd/acmed.service
+++ b/contrib/systemd/acmed.service
@@ -28,7 +28,7 @@ ProtectClock=yes
 ProtectHostname=yes
 ProtectKernelTunables=yes
 ProtectKernelLogs=yes
-ProtectSystem=strict
+ProtectSystem=yes
 ReadWritePaths=/etc/acmed /var/lib/acmed
 RestrictRealtime=yes
 RestrictSUIDSGID=yes