Package: acmetool Version: 0.0.62-2 Severity: important If you configure a combined key + certificate file ("haproxy" option), the generated file always has an UID/GID of root/root directly after renewal. This is auto-corrected to the desired UID/GID in the next acmetool run, i.e. usually next day, but if you restart the service using the combined file in the meantime, it will be unable to use the certificate.
-- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.15.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages acmetool depends on: ii libc6 2.27-3 ii libcap2 1:2.25-1.2 Versions of packages acmetool recommends: pn dialog <none> acmetool suggests no packages. -- no debconf information