TabPy and LetsEncrypt Certificates on Ubuntu - non-root permissions?

[kwculp]

Hello,

I am trying to configure a TabPy server on a Raspberry Pi running Ubuntu. I’ve installed LetsEncrypt certificates on this device using certbot to enable https connections.

However, TabPy can’t access them and run as a secure server unless I run TabPy as root (sudo tabpy —config=/etc/tabpy.conf). I prefer not to do that.

I know this is likely due to permissions issues, but I’m not quite sure how to fix it. The certs are in /etc/letsencrypt/live/$domain$/, and anything in the “live” directory or lower is restricted to root access.

Any suggestions?

Thank you,
Kevin

[kwculp]

I found a way to make this work by assigning group ssl-cert to the live and archive directories in /etc/letsencrypt, then changing permissions for both directories (and all contents) to 0750. Not sure that is the best practice but it’s all I could come up with.