I’m on Debian Jessie and I installed certbot as per documentation .
I have a question regarding pem files generated by certbot. How to access them as app running by non-root account?
I am not that familiar with this as I am no sysadmin, and I’ve seen many approaches, but hard to say which one is “good” (in terms of security and so on):
- chmod and chown directories and files (many different permissions used)
- copying keys to place where nonroot user can access them
- creating/reusing some another group that can access files
Another concern is: how does it cooperate with certbot renewal? From what I can see, people usually write scripts doing steps mentioned before. But the stuff I found about it is sometimes more than year old, so maybe there are some changes that make the whole process easier?