From 069b64672ca415e2544a3b219e2a6759877e2824 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emmanuel=20Beno=C3=AEt?= <tseeker@nocternity.net>
Date: Sun, 5 Dec 2021 18:21:30 +0100
Subject: [PATCH] Configuration - Changed default mode to 0644

---
 config.go                      | 2 +-
 fetch-certificates.yml.example | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/config.go b/config.go
index cd19c25..6706ef2 100644
--- a/config.go
+++ b/config.go
@@ -261,7 +261,7 @@ func (c *tCertFileUpdateConfig) Validate(handlers *tHandlers) error {
 // Return the mode of a certificate file
 func (c *tCertificateFileConfig) FileMode() os.FileMode {
 	if c.Mode == nil {
-		return 0640
+		return 0644
 	} else {
 		return *c.Mode
 	}
diff --git a/fetch-certificates.yml.example b/fetch-certificates.yml.example
index 8942d74..373e524 100644
--- a/fetch-certificates.yml.example
+++ b/fetch-certificates.yml.example
@@ -76,7 +76,8 @@ certificates:
 
     # Path to the file to generate
   - path: /etc/ssl/private/cert1.pem
-    # Access mode, owner and group for the file. May be omitted.
+    # Access mode, owner and group for the file. May be omitted. The mode
+    # will default to 0644 if unspecified.
     mode: 0640
     owner: root
     group: somegroup