Cert Permissions

I have an nginx site with a nodej express web app, and am trying to get the certificates working for both. Installed as su with snapd certbot nginx and all works perfect for that side. But I don’t fully understand the right way to get access to the files in the live folder for the nodej app. Basically it’s the permission issues accessing the files. I was hoping to just symlink the live folder into the nodej app but it doesn’t work. If I copy the files directly with the right permissions and make them readable it’s all good.

So, what is the right way to symlink to the live folder so the app can read the certs? Since the live folder is root only?

If it’s to chmod the live folder, when a new cert is issued won’t the permissions be restored and break the nodej app again?

If you need the files to be accessible by another process that doesn't have root access, I think probably the easiest thing to do would be to add a deploy hook that copies the files to some other place and sets the permissions as needed. There may be ways to set the permissions more directly as you need to, but I think I'd prefer to not mess with the existing system.


Since you already employ nginx, wouldn't it be easier to reverse proxy your node app through nginx?


Thank you!

Typically, I went straight to the install info and missed anything about hooks. Figured there was a better way then what I was thinking, plus hooks is already built in.

It’s an existing setup and honestly more of a copy/paste for the nodej app. So copying the certificates to the existing ssl folder in the ngix directory is much easier for me.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.