Question about symlinking the certbot pem files... about chasquid HOT 5 CLOSED

Are you sure they won't update? Does certbot create new files instead of overwriting them in place?

from chasquid.

The recommended way is to use filesystem ACLs to give chasquid read access to the /etc/letsencrypt/live and /etc/letsencrypt/archive directories. New files in those directories inherit the ACLs from the parent, so after a cert renewal the new files will also be readable by chasquid.

This is documented in the how-to. In particular, this part sets up the ACLs on the letsencrypt certificates:

# Give chasquid access to the certificates.
# Dovecot does not need this as it reads them as root.
sudo setfacl -R -m u:chasquid:rX /etc/letsencrypt/{live,archive}

Does this help? Let us know if there's something still unclear!

from chasquid.

Thank you. I should have thought of that. It was the README that threw me off, I guess. It recommended symlinking, so that's sort of the lens through which I was sort of viewing the situation. Thanks again. Ill be sure to star the repo if I haven't already.

from chasquid.

I see! The installlation guide mentions the symlinking but not the ACLs, and I think it's a good point that it can be confusing.

I'll update the doc to make it clearer, thanks for letting us know!

from chasquid.

The documentation changes are in master and in v1.9.

Please reopen/comment further if there's any other suggestion, and thanks again for reporting this!

from chasquid.