From c709a592ebc0f21718817eeac331e657cf99df60 Mon Sep 17 00:00:00 2001
From: Johannes 'fish' Ziemke <github@freigeist.org>
Date: Mon, 22 Aug 2016 12:45:37 +0200
Subject: [PATCH] Use secure mode 600 instead of 644 for acme.json

---
 acme/acme.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/acme/acme.go b/acme/acme.go
index 7f75b8ad8..e8e809bbc 100644
--- a/acme/acme.go
+++ b/acme/acme.go
@@ -9,9 +9,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	log "github.com/Sirupsen/logrus"
-	"github.com/containous/traefik/safe"
-	"github.com/xenolf/lego/acme"
 	"io/ioutil"
 	fmtlog "log"
 	"os"
@@ -19,6 +16,10 @@ import (
 	"strings"
 	"sync"
 	"time"
+
+	log "github.com/Sirupsen/logrus"
+	"github.com/containous/traefik/safe"
+	"github.com/xenolf/lego/acme"
 )
 
 // Account is used to store lets encrypt registration info
@@ -481,7 +482,7 @@ func (a *ACME) saveAccount() error {
 	if err != nil {
 		return err
 	}
-	return ioutil.WriteFile(a.StorageFile, data, 0644)
+	return ioutil.WriteFile(a.StorageFile, data, 0600)
 }
 
 func (a *ACME) getDomainsCertificates(client *acme.Client, domains []string) (*Certificate, error) {