Select Git revision
acmebot.service
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
acmebot.service 684 B
[Unit]
Description=Reconcile Let's Encrypt certificates
Documentation=file:/usr/share/doc/acmebot/README.rst.gz
After=nss-lookup.target
After=apache2.service nginx.service bind9.service nginx-proxy.service
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/acmebot --accept
TimeoutStartSec=5min
CapabilityBoundingSet=CAP_CHOWN
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ReadWritePaths=/etc/ssl
ConfigurationDirectory=acmebot
RuntimeDirectory=acmebot acme/acme-challenge
StateDirectory=acmebot
LogsDirectory=acmebot
ProtectHome=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6