2017/05/06 12:14:37 [error] 9610#9610: *68 [lua] lets_encrypt.lua:62: issue_cert(): auto-ssl: dehydrated manual hook.sh failed: env HOOK_SECRET=32cffc43cb.... HOOK_SERVER_PORT=8999 /usr/local/openresty/luajit/share/lua/5.1/resty/auto-ssl/shell/letsencrypt_hooks deploy_cert xxx /etc/resty-auto-ssl/letsencrypt/certs/xxx/privkey.pem /etc/resty-auto-ssl/letsencrypt/certs/xxx/cert.pem /etc/resty-auto-ssl/letsencrypt/certs/xxx/fullchain.pem /etc/resty-auto-ssl/letsencrypt/certs/xxx/chain.pem 1494072877 status: 256 out: hook request failed
(...)
++ cat /etc/resty-auto-ssl/letsencrypt/certs/xxx/privkey.pem
+ local 'PRIVKEY=-----BEGIN RSA PRIVATE KEY-----
(...)
When the hook fails, the private key is written to the log verbatim. While logs are usually only readable by root, this can still be a problem in systems which stream logs via syslog-ng. There are also many setups using the ELK stack to collect logs centrally.
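A log filter that strips PEM private key blocks before lines are forwarded to syslog or a central collector, as an added example (not code from this report or from lua-resty-auto-ssl). The function name and the sample lines are constructed for illustration; the sample mirrors the shell trace shape shown above, and the key body is a dummy value.

```python
import re
import sys

BEGIN = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
END = re.compile(r"-----END (?:[A-Z0-9]+ )*PRIVATE KEY-----")
BODY = re.compile(r"^[A-Za-z0-9+/=]+$")  # a base64 line inside a PEM block
MARK = "[REDACTED PRIVATE KEY]"

# Constructed sample: trace output in the shape of the log above, dummy key body.
SAMPLE = [
    "auto-ssl: dehydrated manual hook.sh failed: status: 256 out: hook request failed",
    "++ cat /etc/resty-auto-ssl/letsencrypt/certs/xxx/privkey.pem",
    "+ local 'PRIVKEY=-----BEGIN RSA PRIVATE KEY-----",
    "Q09OU1RSVUNURUQtTk9ULUEtUkVBTC1LRVk=",
    "Tk9ULUEtS0VZLUVJVEhFUg==",
    "-----END RSA PRIVATE KEY-----'",
    "++ cat /etc/resty-auto-ssl/letsencrypt/certs/xxx/cert.pem",
]

def redact_private_keys(lines):
    """Yield log lines with PEM private key blocks replaced by MARK."""
    in_key = False
    for line in lines:
        line = line.rstrip("\n")
        if in_key:
            end = END.search(line)
            if end:
                in_key = False
                tail = line[end.end():]
                if tail.strip("'\" "):  # keep real text after END, drop a lone quote
                    yield tail
                continue
            if BODY.match(line.strip()):
                continue  # key material: drop it
            in_key = False  # block was truncated; handle this line normally
        begin = BEGIN.search(line)
        if not begin:
            yield line
            continue
        rest = line[begin.end():]
        end = END.search(rest)
        if end:  # whole key on one line
            yield line[:begin.start()] + MARK + rest[end.end():]
        else:
            in_key = True
            yield line[:begin.start()] + MARK

if __name__ == "__main__":
    for out in redact_private_keys(sys.stdin):
        print(out)
```

The filter only limits what reaches downstream log consumers; the key is still read and traced by the hook itself.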