letsencrypt: ensure request script runs as correct user

author Grant Slater <github@firefishy.com>

Wed, 26 Feb 2025 19:46:28 +0000 (19:46 +0000)

committer Grant Slater <github@firefishy.com>

Wed, 26 Feb 2025 19:46:28 +0000 (19:46 +0000)
author Grant Slater <github@firefishy.com>
Wed, 26 Feb 2025 19:46:28 +0000 (19:46 +0000)
committer Grant Slater <github@firefishy.com>
Wed, 26 Feb 2025 19:46:28 +0000 (19:46 +0000)
diff --git a/cookbooks/letsencrypt/templates/default/request.erb b/cookbooks/letsencrypt/templates/default/request.erb

index ccdc25fedf7894f98297dd6d0ed85afc19982798..8bb2847cae8016fa30b976d857961935469279b4 100644 (file)
--- a/cookbooks/letsencrypt/templates/default/request.erb
+++ b/cookbooks/letsencrypt/templates/default/request.erb
@@ -2,6 +2,11 @@
  
  # DO NOT EDIT - This file is being maintained by Chef
  
+if [ "$(id -un)" != "letsencrypt" ]; then
+    echo "Error: This script must be run as user letsencrypt" >&2
+    exit 1
+fi
+
  /usr/bin/certbot certonly \
      --non-interactive \
      --config-dir /srv/acme.openstreetmap.org/config \
author	Grant Slater <github@firefishy.com>
	Wed, 26 Feb 2025 19:46:28 +0000 (19:46 +0000)
committer	Grant Slater <github@firefishy.com>
	Wed, 26 Feb 2025 19:46:28 +0000 (19:46 +0000)