I’m using a certificate with exim4 on Debian but I’ve found that I need to point exim at
/etc/letsencrypt/archive/mydomain.com/fullchain1.pem instead of the
I also had to change the permissions in
/e/l/a because it assumes only root will be accessing these, which is not true on my system (e.g. exim does not run as root, but nevertheless needs access to the private cert).
But I notice the
1 in the archive and assume there will be a
2 at some point, perhaps after renewal. This will obvs. break my exim config.
Can anyone explain under what circumstances the names in
/e/l/archive/ are created/updated?
Otherwise I’ll need to write a knotty script that derefs symlinks to ensure that exim has the up-to-date cert.