From 2a770a93b1ad1ab9b19b5676b059c8d21ff28940 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jens=20Mei=C3=9Fner?=
Date: Mon, 23 Nov 2020 20:32:24 +0100
Subject: [PATCH 1/2] Protect only private keys and leave certificates world readable.
---
 lib/Froxlor/Cron/Http/DomainSSL.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/Froxlor/Cron/Http/DomainSSL.php b/lib/Froxlor/Cron/Http/DomainSSL.php
index 4ccc410d..40d4304e 100644
--- a/lib/Froxlor/Cron/Http/DomainSSL.php
+++ b/lib/Froxlor/Cron/Http/DomainSSL.php
@@ -105,7 +105,9 @@ class DomainSSL
 $_fh = fopen($filename, 'w');
 fwrite($_fh, $dom_certs[$type]);
 fclose($_fh);
- chmod($filename, 0600);
+ if ($type == 'ssl_key_file') {
+ chmod($filename, 0600);
+ }
 }
 }
 // override corresponding array values
From aa1d2ab01d48fded9e0fe5c92be1b53c05bf4138 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jens=20Mei=C3=9Fner?=
Date: Tue, 24 Nov 2020 17:38:49 +0100
Subject: [PATCH 2/2] Set certificate files explicitly world readable.
---
 lib/Froxlor/Cron/Http/DomainSSL.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/Froxlor/Cron/Http/DomainSSL.php b/lib/Froxlor/Cron/Http/DomainSSL.php
index 40d4304e..82d7c56d 100644
--- a/lib/Froxlor/Cron/Http/DomainSSL.php
+++ b/lib/Froxlor/Cron/Http/DomainSSL.php
@@ -107,6 +107,8 @@ class DomainSSL
 fclose($_fh);
 if ($type == 'ssl_key_file') {
 chmod($filename, 0600);
+ } else {
+ chmod($filename, 0644);
 }
 }
 }
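Review bot: The private key is still written before its mode is tightened. `fopen($filename, 'w')` creates the file with whatever the process umask allows, `fwrite` puts the key material in it, and only afterwards does the new `if ($type == 'ssl_key_file')` branch call `chmod($filename, 0600)`, so a newly created key file can be readable by other local accounts for a short window. Restricting the mode before the write closes that window, for example `if ($type === 'ssl_key_file') { chmod($filename, 0600); }` placed between `fopen` and `fwrite`, or a temporary `umask(0077)` around the open. The return values of `fopen` and `chmod` are not checked either, so a failed `chmod` silently leaves the key at its creation mode. The enclosing block starts outside the hunk.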
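Review bot: The added `else` branch makes world-readable the fallback: every `$type` that is not exactly the string `'ssl_key_file'` ends up at 0644, so a type introduced later that carries secret material would be published without anyone deciding so. A fail-safe shape grants 0644 only to the types known to hold public certificates and keeps 0600 for everything else. The list of types is not visible in this hunk, so that allowlist has to be taken from the enclosing code. The comparison is also better written strictly, `if ($type === 'ssl_key_file') {`.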