ES SSL - a proper way
Posted: Wed Mar 30, 2022 12:13 am
I'm doing an ES server on a ZM server (both current stable versions) with NGINX and LE/certbot installed certificates.
I'm at the point where ES is complaining it can't see the certs and I know it's because www-data is not allowed to look there.
ES_CERT_FILE=/etc/letsencrypt/live/zm.ifc-pdx.com/fullchain.pem
ES_KEY_FILE=/etc/letsencrypt/live/zm.ifc-pdx.com/privkey.pem
LE locks down the certs pretty tightly.
Is there a clever way to allow ES access to those certs w/o a blanket www-data access to the LE directories?
I'm at the point where ES is complaining it can't see the certs and I know it's because www-data is not allowed to look there.
ES_CERT_FILE=/etc/letsencrypt/live/zm.ifc-pdx.com/fullchain.pem
ES_KEY_FILE=/etc/letsencrypt/live/zm.ifc-pdx.com/privkey.pem
LE locks down the certs pretty tightly.
Is there a clever way to allow ES access to those certs w/o a blanket www-data access to the LE directories?