I’m considering changing the rights of
mynormalusername:root. That way I can run the script as my daily user and the script can do whatever it wants in /etc/letsencrypt… Place all the certificates and so on… But the first instance of Apache (running as root) can access the certificates too, 'cause of the root GID rights
Haven’t tested it tho, but should be viable I recon…
As long as Let’s Encrypt is relying on custom Debian a2rmmod-scripts and so on I can’t use all those fancy automatically Apache shizzle, so only webroot for me… So I won’t be needing root anyway. Therefore, scripts shouldn’t be running as root if it isn’t needed indeed.