From 94bc2547691be970aac3d9a66e9d8d7fe8609e9a Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Wed, 26 Feb 2025 19:46:28 +0000 Subject: [PATCH] letsencrypt: ensure request script runs as correct user --- cookbooks/letsencrypt/templates/default/request.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cookbooks/letsencrypt/templates/default/request.erb b/cookbooks/letsencrypt/templates/default/request.erb index ccdc25fed..8bb2847ca 100644 --- a/cookbooks/letsencrypt/templates/default/request.erb +++ b/cookbooks/letsencrypt/templates/default/request.erb @@ -2,6 +2,11 @@ # DO NOT EDIT - This file is being maintained by Chef +if [ "$(id -un)" != "letsencrypt" ]; then + echo "Error: This script must be run as user letsencrypt" >&2 + exit 1 +fi + /usr/bin/certbot certonly \ --non-interactive \ --config-dir /srv/acme.openstreetmap.org/config \ -- 2.39.5