From 8f4684ca9807d37f404a52a0c96b207835784141 Mon Sep 17 00:00:00 2001
From: Xiao Pan <xyz@flylightning.xyz>
Date: Wed, 19 Nov 2025 15:22:01 +0000
Subject: fix: acme.sh-systemd allow read write to /etc/nginx and
 /var/log/nginx so no error when auto renew

---
 etc/systemd/system/acme.sh.service.d/override.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'etc/systemd/system/acme.sh.service.d')

diff --git a/etc/systemd/system/acme.sh.service.d/override.conf b/etc/systemd/system/acme.sh.service.d/override.conf
index 722f60a6..058446db 100644
--- a/etc/systemd/system/acme.sh.service.d/override.conf
+++ b/etc/systemd/system/acme.sh.service.d/override.conf
@@ -1,2 +1,7 @@
+# Note need both /etc/nginx and /var/log/nginx, else acme.sh will error: "It
+# seems that the nginx config is not correct, cannot continue." By editing
+# /usr/share/acme.sh/acme.sh to change `nginx -t >/dev/null 2>&1` to `nginx
+# -t`, we can see nginx's error log: "open() "/var/log/nginx/access.log"
+# failed", this is the reason why /var/log/nginx is also included
 [Service]
-ReadWritePaths=/etc/acme.sh /var/log/acme.sh /etc/postfix
+ReadWritePaths=/etc/acme.sh /var/log/acme.sh /etc/postfix /etc/nginx /var/log/nginx
-- 
cgit v1.2.3-70-g09d2