DietPi-Banner: No certificate found

DietPi 8.17.2
Linux RPi4 6.1.21-v8+ #1642 SMP PREEMPT Mon Apr 3 17:24:16 BST 2023 aarch64 GNU/Linux

Steps to reproduce

  1. Config dietpi-banner to show letsencrypt cert status.
  2. Login as non-root
  3. Banner shows: Let's Encrypt cert status : No certificate found

When I enable it in dietpi-banner to be shown, I can see it after I leave dietpi-banner. After relog again: Let's Encrypt cert status : No certificate found.
When I log in as root, it’s fine.


When I do in Terminal as root (reference):

for i in /etc/letsencrypt/live/*/cert.pem
				[[ -f $i ]] || continue
				certinfo=$(openssl x509 -enddate -noout -in "$i" | mawk '/notAfter=/{print "Valid until "$4"-"substr($1,10)"-"$2" "$3}' 2>&1)
			echo -e "$GREEN_BULLET ${aCOLOUR[1]}${aDESCRIPTION[16]} $GREEN_SEPARATOR $certinfo"

i get the info back, but not as non-root.
I think the problem is the openssl command, which needs root permissions to execute
openssl x509 -enddate -noout -in /etc/letsencrypt/live/some.domain/cert.pem

thx for sharing @Jappe. We will have a look.

The certificate, respectively the whole directory is probably readable for the root user only, I guess :thinking:. Would make somehow sense as this is quite sensible data.