Comment on coturn can't get access to certificates
hendrik@palaver.p3x.de 4 months ago
Maybe sth like usermod -a -G letsencrypt coturn which puts the coturn user in the letsencrypt group. Allowing that user access to files owned by the group. I haven't checked the names. Maybe the group is called differently, certbot or something. Obviously that grants that coturn user access to all the certificates. You might want to set some directory permissions instead, if you have multiple certificates and don't want coturn be able to read or mess with certificates of other domains.
someoneFromInternet@lemmy.ml 4 months ago
seems like I have not letsencrypt or certbot group
hendrik@palaver.p3x.de 4 months ago
So who owns the certificate files then? It's got to be some user and group?!
someoneFromInternet@lemmy.ml 4 months ago
root owns all certificates
Oisteink@feddit.nl 4 months ago
either create a cert group and give that group permission to the certs, or add a handler to distribute the cert+key on renew to your service’s folder, and change owner/group to whats relevant to the service