Skip to content
Snippets Groups Projects
Select Git revision
  • 8075bbbf6b029fb7431036c53cebc444f21f7acb
  • master default protected
  • th/caddy-wip
  • th/caddy
  • th/lego
  • th/acmebot
  • pyzabbix
  • th/keycloak
8 results

acmebot.service

Blame
  • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    acmebot.service 684 B
    [Unit]
    Description=Reconcile Let's Encrypt certificates
    Documentation=file:/usr/share/doc/acmebot/README.rst.gz
    After=nss-lookup.target
    After=apache2.service nginx.service bind9.service nginx-proxy.service
    
    [Service]
    Type=oneshot
    ExecStart=/usr/local/sbin/acmebot --accept
    TimeoutStartSec=5min
    CapabilityBoundingSet=CAP_CHOWN
    NoNewPrivileges=yes
    PrivateTmp=yes
    PrivateDevices=yes
    ProtectSystem=strict
    ReadWritePaths=/etc/ssl
    ConfigurationDirectory=acmebot
    RuntimeDirectory=acmebot acme/acme-challenge
    StateDirectory=acmebot
    LogsDirectory=acmebot
    ProtectHome=yes
    ProtectKernelTunables=yes
    ProtectControlGroups=yes
    RestrictRealtime=yes
    RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6