Hello,
I have been working on this framework idea for a central SSL repo. The basic idea is:
- Certbot client = responsible for cert creation and renewal
- installed via snap
- Python application (systemd) = responsible for watching Certbot for changes (within the /etc/letsencrypt/)
- When change is detected, do some updates to 3rd party systems with the cert changes
One of the big issues seems to be folder permissions to read files within /etc/letsencrypt when called via systemd. This seems to stem from an issue between snapd packages and systemd.
(Snap packages run in a confined environment that conflicts with systemd service security restrictions: environment variables, user context, path resolution, security models.)
- I have attempted to get around these restrictions, but the workarounds seem to get very messy and are not a great way to implement the solution
Alternative installs:
- I would like to stay with the snap approach, as it is the recommended way and will be best supported in the future
- pip is "best effort" support only, so not a good foundation to build on
- APT: I would prefer to keep/stay with the recommended way, but maybe this is my only choice
- Docker adds a level of complexity that I am trying to avoid
The ASK:
- any suggestions on how I might get around this issue?
- is my only real alternative to use the APT package?
Thanks
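An added example (not the poster's code) of the watcher half of the design above: a small Python poller that fingerprints `live/<lineage>/fullchain.pem` under a Certbot-style directory, reports added/renewed/removed lineages, and reports a lineage it cannot open as an explicit `unreadable:<errno>` event rather than silently dropping it, which is exactly the symptom to look for when a confined service is denied access to /etc/letsencrypt. It assumes Certbot's layout (archive files with the live/ symlinks pointing at them); the directory tree, PEM bodies and hostnames in the demo are constructed placeholders, not real certificates.

```python
"""Poll a Certbot-style tree for certificate changes (added example, not the poster's code)."""
import errno
import hashlib
import tempfile
import time
from pathlib import Path
from typing import Callable, Dict, List, Optional, Tuple

CERT_FILE = "fullchain.pem"          # the file third-party systems usually consume
Snapshot = Dict[str, str]            # lineage name -> sha256 hex of fullchain.pem
Event = Tuple[str, str]              # (lineage, "added" | "renewed" | "removed" | "unreadable:<errno>")

# Constructed placeholder PEM bodies for the demo; not real certificates.
PLACEHOLDER_V1 = b"-----BEGIN CERTIFICATE-----\nplaceholder-v1\n-----END CERTIFICATE-----\n"
PLACEHOLDER_V2 = b"-----BEGIN CERTIFICATE-----\nplaceholder-v2\n-----END CERTIFICATE-----\n"


def _errname(exc: OSError) -> str:
    return errno.errorcode.get(exc.errno, str(exc))


def fingerprint(path: Path) -> str:
    """SHA-256 of the file contents; open() follows the live/ -> archive/ symlink."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root: Path) -> Tuple[Snapshot, Dict[str, str]]:
    """Fingerprint every lineage under <root>/live.

    Raises OSError if live/ itself cannot be listed. A lineage whose
    fullchain.pem cannot be opened goes into the second dict with its errno
    name (EACCES, ENOENT, ...), which is what a confined service will see.
    """
    snapshot: Snapshot = {}
    unreadable: Dict[str, str] = {}
    for lineage in sorted(p for p in (root / "live").iterdir() if p.is_dir()):
        try:
            snapshot[lineage.name] = fingerprint(lineage / CERT_FILE)
        except OSError as exc:
            unreadable[lineage.name] = _errname(exc)
    return snapshot, unreadable


def diff(old: Snapshot, new: Snapshot) -> List[Event]:
    """Events between two snapshots, sorted by lineage name."""
    events: List[Event] = []
    for name in sorted(set(old) | set(new)):
        if name not in old:
            events.append((name, "added"))
        elif name not in new:
            events.append((name, "removed"))
        elif old[name] != new[name]:
            events.append((name, "renewed"))
    return events


def watch(root: Path, on_event: Callable[[str, str], None], interval: float = 60.0,
          max_polls: Optional[int] = None, initial: Optional[Snapshot] = None) -> Snapshot:
    """Poll the tree (max_polls=None runs forever) and report each change to on_event."""
    previous = initial if initial is not None else scan(root)[0]
    polls = 0
    while max_polls is None or polls < max_polls:
        time.sleep(interval)
        polls += 1
        try:
            current, unreadable = scan(root)
        except OSError as exc:                 # whole live/ directory is off limits
            on_event("live", "unreadable:" + _errname(exc))
            continue
        for name, why in unreadable.items():
            on_event(name, "unreadable:" + why)
            if name in previous:               # unreadable is not the same as removed
                current[name] = previous[name]
        for name, what in diff(previous, current):
            on_event(name, what)
        previous = current
    return previous


def build_demo_tree(base: Path, lineages: Dict[str, bytes]) -> Path:
    """Constructed tree shaped like Certbot's: archive/<name>/fullchain1.pem, live/<name>/fullchain.pem symlink."""
    root = base / "letsencrypt"
    for name, body in lineages.items():
        archive = root / "archive" / name
        archive.mkdir(parents=True, exist_ok=True)
        (archive / "fullchain1.pem").write_bytes(body)
        live = root / "live" / name
        live.mkdir(parents=True, exist_ok=True)
        if not (live / CERT_FILE).is_symlink():
            (live / CERT_FILE).symlink_to(archive / "fullchain1.pem")
    return root


def simulate_renewal(root: Path, name: str, body: bytes) -> None:
    """Mimic a renewal: new numbered archive file, live/ symlink repointed to it."""
    archive = root / "archive" / name
    target = archive / f"fullchain{len(list(archive.glob('fullchain*.pem'))) + 1}.pem"
    target.write_bytes(body)
    link = root / "live" / name / CERT_FILE
    link.unlink()
    link.symlink_to(target)


def run_demo() -> Dict[str, object]:
    """One renewal plus one unreadable lineage (fullchain.pem is a directory, so open() fails with EISDIR)."""
    events: List[Event] = []
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_tree(Path(tmp), {"example.test": PLACEHOLDER_V1, "api.example.test": PLACEHOLDER_V1})
        before, _ = scan(root)
        simulate_renewal(root, "example.test", PLACEHOLDER_V2)
        (root / "live" / "broken" / CERT_FILE).mkdir(parents=True)
        after = watch(root, lambda n, e: events.append((n, e)), interval=0, max_polls=1, initial=before)
    return {"before": before, "after": after, "events": events}


if __name__ == "__main__":
    for lineage, what in run_demo()["events"]:
        print(f"{lineage}: {what}")
```

In the real service `on_event` is where the third-party updates would be triggered; keeping "unreadable" distinct from "removed" means a permission failure after a snap or systemd change surfaces in the journal as a permission problem instead of looking like a deleted certificate.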