Thanks for the patch. I think it should be noted that this is not specific to Let's Encrypt, but rather to certbot. There are various alternative ACME clients - instead of adding ACME client specific locations here, can certbot not be configured to install the certificates to /etc/coturn/tls with the right privileges using a user defined post-hook instead?

What's the reason for removing the group permissions from the lib and log directories? I deemed this useful for allowing less privileged users access to the log data.

Regarding the sysusers file, if you're already reformatting it, you could remove the superfluous g and m lines, they are already handled by u - sysusers.d(5). :-)

Christian Wittmer (computersalat) - about 1 year ago

author source maintainer target maintainer

About /etc/coturn/tls it is up to the admin if he wants certs to be copied over or if he wants to create symlinks. I prefer symlinks. Mysql also has that problem with letsencypt cert read permission hence I ran for symlinks, because its more easy and clear where the certs come from.

superseded ...