29 Nov
2021
29 Nov
'21
2:50 p.m.
josé,
The private-key file you have there is world-readable, which it most certainly should NOT be.
Also, "www-data" is a group, not a user, so you MUST be very careful to make sure that ONLY the web-server software can run as a member of that group and that no other user or process can do so. IF you can guarantee those, then permissions (spaces added here for clarity) of
- r w - r - - - - -
should be safe. Putting it another way:
chmod 0640 /etc/ssl/private.key
-- Mike