bruncsak / ght-acme.sh

Get publicly trusted certificate via ACME protocol from LetsEncrypt or from BuyPass
GNU General Public License v2.0

Adapt the owner/permission of the token within the funtion push_domain_response() #6

Closed SDuesterhaupt closed 3 years ago

SDuesterhaupt commented 4 years ago

Sometimes I have problems reading the token:

```
check verification of <domain>
<domain>: invalid
  Invalid response from <domain>/.well-known/acme-challenge/cwlfR7Vf83erv_zziIWrruVpokwJgaGCquXvT_y0FSk [IP]: \ (urn:ietf:params:acme:error:unauthorized)
remove response for <domain>
```

The token is created with that owner which also runs the letsencrypt.sh. Here it was root.

The webserver executes the webcontent with an owner which is not root. Generally in the default installation it's apache (CentOS) or www-data (Debian?).

So maybe we should set the owner and optionally the permission within the function push_domain_response() by:

```sh
# SDuesterhaupt: 2019-11-30 - Adapt the owner/permission of the token
# Take the owner and group from the challenge directory itself
MyUser="$(stat -c '%U' "$TOKEN_DIR")"
MyGroup="$(stat -c '%G' "$TOKEN_DIR")"
chown "$MyUser:$MyGroup" "$TOKEN_DIR/$DOMAIN_TOKEN"
# Optionally also relax the mode of the token file
#chmod 660 "$TOKEN_DIR/$DOMAIN_TOKEN"
```

The user and group names are inherited from the TOKEN_DIR.

bruncsak commented 4 years ago

What is the umask value of your root account? I guess its last digit is greater than 3, so the files created by root are not readable by any user. I do not want to put a privileged command (chown) into the script, since its use does not require root access (I even recommend not running it as root). But making the created token file world readable is a good idea, so the web server could definitely read it.

Here is the patch: https://github.com/bruncsak/ght-acme.sh/commit/20a85140ef2a5834bd0819f235ca316da3d3b36d
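To illustrate the umask point made above, here is an added example (not the project's own push_domain_response() and not the linked patch): a plain redirect inherits the caller's umask, so under a restrictive umask such as 077 the token ends up mode 600 and an unprivileged web server user cannot serve it, while explicitly granting read to everyone after writing fixes that with no chown and no root. The directory name, token file names and token body are constructed values.

```sh
#!/bin/sh
# Added example (not the project's code): write an HTTP-01 challenge token
# so the web server user can read it whatever umask the caller has.
# TOKEN_DIR, the token file names and the token body are constructed values.

# Print the "other" permission triplet of a file (e.g. "r--") using
# POSIX ls, so the check works on GNU and BSD systems alike.
other_perms() {
    ls -ld "$1" | cut -c8-10
}

# Naive variant: the mode is whatever umask leaves, so with a restrictive
# umask (e.g. 077 on a root shell) the file ends up 600 and apache/www-data
# cannot read it, which is the "unauthorized" failure shown in the issue.
write_token_naive() {
    printf '%s\n' "$3" > "$1/$2"
}

# Fixed variant: the token is public by design (the CA fetches it over
# plain HTTP), so grant read to everyone explicitly. No chown, no root.
# The directory path must also be traversable (x) by the web server user.
write_token_readable() {
    printf '%s\n' "$3" > "$1/$2" && chmod a+r "$1/$2"
}

# Return 0 if "others" can read the file, 1 otherwise.
world_readable() {
    case "$(other_perms "$1")" in
        r??) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo: compare both variants under a restrictive umask; returns 0 when
# the fixed variant is world-readable.
demo_umask_effect() {
    TOKEN_DIR="$(mktemp -d)"   # stands in for <docroot>/.well-known/acme-challenge
    ( umask 077; write_token_naive "$TOKEN_DIR" naive.txt "constructed-token-body" )
    ( umask 077; write_token_readable "$TOKEN_DIR" fixed.txt "constructed-token-body" )
    printf 'naive: %s  fixed: %s\n' \
        "$(other_perms "$TOKEN_DIR/naive.txt")" "$(other_perms "$TOKEN_DIR/fixed.txt")"
    world_readable "$TOKEN_DIR/fixed.txt" && rc=0 || rc=1
    rm -rf "$TOKEN_DIR"
    return "$rc"
}

demo_umask_effect
```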