diff --git a/main.go b/main.go
index 1c217cd53b6b7c9bdacfb9d6691e364b9473589b..2eb135a191e75e924a831f86bbe765c8d6f18901 100644
--- a/main.go
+++ b/main.go
@@ -7,6 +7,7 @@ import (
 	stdlog "log"
 	"net/http"
 	"os"
+	"syscall"
 
 	"github.com/julienschmidt/httprouter"
 	"github.com/rs/cors"
@@ -15,6 +16,8 @@ import (
 )
 
 func main() {
+	// Created files are not world writable
+	syscall.Umask(0077)
 	// Read global config
 	var err error
 	if fileIsAccessible("/etc/acme-dns/config.cfg") {