Moving certificate output directory

Hey gang, gonna keep this short and sweet; so whenever we renew our certificates, they get put as a symlink in the certbot/live folder that leads to the archive folder - I have a web hosting application that needs the actual certificate files, privkey and fullchain, in a specific folder to recognize them. Before, I had to manually move them over to that specific folder, and I was wondering how and if one could possibly make it so that when certbot autoruns the renew command that it just puts them in there, a copy or whatever, automatically?

Thanks!

1 Like

Please see the Certbot documentation for the --deploy-hook option. That's probably the best method.

7 Likes

Please just copy [instead of move].

3 Likes

Yes sorry, that's what I meant. I barely ever CTRL+X things, so for me moving things is just copying them.

1 Like

Which?

Why can't it follow/access the symlinks?
[does it show a specific error message?]

Is this problem better left alone? LOL

3 Likes

It's called FoundryVTT, it's a virtual tabletop built in Java I believe - I don't know why really, the SSL certificate part of the application just requires you give it a path for where the certificates are stored.

However if you point it to live/domain_name where the symlinks are, the program just auto crashes, which is incredibly whacky.

I'm not particularly tech savvy when it comes to networks (opening ports is where I usually draw the line hehe) so I might have to give up on this haha

1 Like

Do you have to set any particularly special access permissions to the copied files?

2 Likes

No, none at all. If I copy the symlinks, "move them", into the config folder of FoundryVTT, it accepts them and lets anyone connecting to the domain see that it's a safe connection.

2 Likes

Do onto any of those copies:
ls -l /path/file

2 Likes

I found this online:

certbot certonly --standalone -d server.name,www.server.name
cp /etc/letsencrypt/live/server.name/fullchain.pem /home/foundryvtt/foundrydata/Config/
cp /etc/letsencrypt/live/server.name/privkey.pem /home/foundryvtt/foundrydata/Config/
chown foundryvtt:foundryvtt /home/foundryvtt/foundrydata/Config/*.pem

Which is what I was suspecting.
Without the "chown" of the copies, the problem persists.
So, it is not the symlink that is causing the problem.

3 Likes

The FoundryVTT docs are clear and persistent in saying to copy them to its own config folder.

As Osiris noted, Certbot --deploy-hook should make that easy.

Or, create your own script to run certbot renew and then copy them to Foundry. They may not be new but copying each time shouldn't be trouble. Does Foundry need restarting after a fresh cert?

3 Likes
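
The deploy-hook approach suggested above, as an added example that is not part of the original thread or of the Certbot or FoundryVTT projects: a hook script that copies the renewed files out of live/ as regular files, keeps the private key readable by its owner only, and swaps each file in with a rename. It assumes the Linux paths and the foundryvtt owner from the commands quoted earlier; copy_cert is a hypothetical helper name, while RENEWED_LINEAGE is the variable Certbot exports to deploy hooks.

```shell
#!/bin/sh
# Added example: Certbot deploy hook that copies a renewed certificate and key
# out of live/ into an application's own config folder.

# copy_cert LINEAGE DEST [OWNER]   (hypothetical helper name)
# The body runs in a subshell so the umask change does not leak to the caller.
copy_cert() (
    lineage=$1; dest=$2; owner=${3:-}
    umask 077   # temporary copies are never group- or world-readable
    # Check both inputs first so a partial renewal never replaces one file only.
    for f in fullchain.pem privkey.pem; do
        [ -r "$lineage/$f" ] || { echo "missing: $lineage/$f" >&2; exit 1; }
    done
    for f in fullchain.pem privkey.pem; do
        tmp="$dest/.$f.$$"
        # Plain cp follows the live/ symlink and writes a regular file.
        cp "$lineage/$f" "$tmp" || { rm -f "$tmp"; exit 1; }
        if [ -n "$owner" ]; then
            chown "$owner" "$tmp" || { rm -f "$tmp"; exit 1; }
        fi
        case $f in
            privkey.pem) chmod 600 "$tmp" ;;   # key: owner only
            *)           chmod 644 "$tmp" ;;   # chain is public data
        esac
        # Rename inside the same directory so the application never reads
        # a half-written file.
        mv -f "$tmp" "$dest/$f" || { rm -f "$tmp"; exit 1; }
    done
)

# Certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/server.name)
# to deploy hooks, which run only after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # Destination and owner are assumptions taken from the quoted commands.
    copy_cert "$RENEWED_LINEAGE" /home/foundryvtt/foundrydata/Config \
        foundryvtt:foundryvtt
fi
```

Saved as an executable file in /etc/letsencrypt/renewal-hooks/deploy/, or passed by path to certbot renew --deploy-hook, it runs once per renewed certificate. It covers the Linux layout in the quoted commands, not a Windows install.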

I don't think the symlink is any part of the problem.
It is all about access permissions.

I'd rather see the privkey.pem file in only one location [on disk].

Seems like overkill and may be problematic.
But there should be a reasonable compromise.

2 Likes

Very possibly. And I agree best to avoid extra copies. But, Foundry may just have restrictions on paths in its config system. No folder names are ever shown as examples.

2 Likes

I only have foundry running whenever I need to use it, so it wouldn't be a problem. I am unsure how to effectively use the --deploy-hook command as whenever I use it I get massive texts saying it's not in path. Foundry is currently on my (F:) Drive if that matters?

...
Still waiting ...
...

Wimdows?!?!?!?!
LOL

3 Likes

Sorry didn't see that, what do I need to do with that command? Can I just use that with regular Command Prompt?

Instead of sorting that out you could:

3 Likes

Ahhhhh!
More Windows - LOL

3 Likes

As my maid says:
"I don't do Windows!"

3 Likes

You could run a task to copy those files every night.
It shouldn't make any difference how many times they get copied over.

The receiving folder already has the required access for the program to use them from there.

3 Likes