https://bugzilla.redhat.com/show_bug.cgi?id=1366355 --- Comment #30 from Stuart D Gathman <stuart@xxxxxxxxxxx> --- The README advises using semanage to label /var/lib/acme/certs as cert_t so that dovecot and others can use the certs directly. But the package should provide for this. Possible solutions: a) run semanage fcontext during (pre-)installation. b) ask selinux policy to label /var/lib/acme as cert_t c) Have package install a /etc/pki/acme directory owned by acme, which will then be cert_t. o) Moving /var/lib/acme to /etc/pki/acme is not optimal for two reasons: 1) a pain for existing users (including me!) 2) makes acme-tiny unusable by systems that keep /etc readonly during normal operation. o) The cron script could update certs in *both* /etc/pki/acme and /var/lib/acme d) Investigate using the /var/lib/letsencrypt directory used by certbot. o) Don't want both systems trying to renew the same certs. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx