- # Source: https://github.com/lukas2511/dehydrated
-@@ -94,7 +94,7 @@
- load_config() {
- # Check for config in various locations
- if [[ -z "${CONFIG:-}" ]]; then
-- for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do
-+ for check_config in "/etc/dehydrated" "/etc/webapps/dehydrated" "/usr/local/etc/dehydrated" "/etc/webapps/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do
- if [[ -f "${check_config}/config" ]]; then
- BASEDIR="${check_config}"
- CONFIG="${check_config}/config"
-@@ -115,7 +115,7 @@
+ # Source: https://dehydrated.io
+@@ -11,7 +11,7 @@
+ [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob
+ [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f
+
+-umask 077 # paranoid umask, we're creating private keys
++umask 027 # allow root and dehydrated group only to protect private keys
+
+ # Close weird external file descriptors
+ exec 3>&-
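Review bot: The new `umask 027` line makes everything the script creates afterwards group-readable, private keys included, and its comment promises more than a umask can deliver, since a umask only clears permission bits and never selects the group. Which group gains read access depends on the invoking process's primary group or a setgid bit on the output directory, and neither is visible in this patch. A run as root with group root would therefore give the dehydrated group nothing, while a run under a broad group would expose the keys to all its members. I would reword the comment to `umask 027 # files 0640, dirs 0750; the reading group is the caller's gid or the setgid directory's group` and have the package create `/var/lib/dehydrated` (the BASEDIR hard-coded in the `@@ -28,7 +28,7 @@` hunk) with an explicit owner, group and mode. If the script does not chmod key files itself, which these hunks do not show, this umask is the only thing keeping them from other local users.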
+@@ -28,7 +28,7 @@
+ done
+ SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
+
+-BASEDIR="${SCRIPTDIR}"
++BASEDIR="/var/lib/dehydrated"
+ ORIGARGS="$@"
+
+ # Create (identifiable) temporary files
+@@ -135,7 +135,7 @@