Hey everybody, noob here
Again here is somebody not liking that letsencrypt needed to be run as sudo/root. So here was my approach that I couldn’t finalize however. Maybe you can directly point out why this is a bad idea or give me a hint which other client could help me out.
I checked out the “No_Sudo_Client” in Python but it has the disadvantage you have to do it yourself.
My Idea was to create a new user encrypt with an priv.key and let him do all the encrypt stuff. As member of /www-data/ it can have access to www-data to do all what is needed. The server-certificates are then stored in his home dir. In my case apache can look them up over there. Or one gives user
encrypt the right to access the default ssl-certificate storage.
In fact I do not unserstand why root access is needed at all (okay installing packages at the begining but afterwards?)
My scenario is not 100% save but I guess better then the root version.
So, how to make it real?: I wanted to install letsencrypt ‘local’ and that was my first problem. Is there no ‘PREFIX’ flag or so? Second: letsencrypt-auto needs root in any case and I cannot make it to run without. The stupid letsencrypt (no-auto) version, I cannot find. Where ist it located? (As I said: “Noob here”)
May some experts of you help me out?
Thank you very much in advance!