Problem with LetsEncrypt

[alec-c4]

As an addition to my previous issue #897 there one more problem with permissions. If you have user other than root in your deploy.yml file

ssh:
  user: alec

and traefik is configured to use letsencrypt

traefik:
  options:
    network: "private"
    publish:
      - "443:443"
    volume:
      - "/letsencrypt/acme.json:/letsencrypt/acme.json" # <------
  args:
    accesslog: true
    log.level: DEBUG
    accesslog.format: json

    entryPoints.web.address: ":80"
    entryPoints.websecure.address: ":443"

    entryPoints.web.http.redirections.entryPoint.to: websecure 
    entryPoints.web.http.redirections.entryPoint.scheme: https
    entryPoints.web.http.redirections.entrypoint.permanent: true

    certificatesResolvers.letsencrypt.acme.email: "info@example.com"
    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json" # <------
    certificatesResolvers.letsencrypt.acme.httpchallenge: true
    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web 

you'll be unable to store cert locally, because of insufficient permissions (/letsencrypt will be owned by root).

I've tried to follow recommendations from this issue #667 but it doesn't work. I've tried

• chown on /letsencrypt
• create ./letsencrypt in home directory + configure deploy.yml

Any idea how to fix it?

[djmb]

This should be resolved in Kamal 2. kamal-proxy handles the Let's Encrypt challenge and storing the certificate for you.