I’m setting up TaskWarrior on my freedombox, with an unprivileged daemon account called taskd. TaskWarrior can use letsencrypt certs for communication, but the /etc/letsencrypt/live folder is owned by root, which kind of makes sense. However, I’d like to be able to load this material for use in my taskwarrior server without running taskwarrior as root. Here’s some Ideas i had:
- Option 1 - Somehow allow the taskwarrior instance to get to these files.
- Option 2 - Use the letsencrypt certs to create a sub-cert that is only for taskwarrior.
Obviously option 2 is kind of lame because the child keys and stuff will expire when the parent stuff expires.
How should I go about using these certs? In a perfect world, I wouldn’t need to give root to taskwarrior, and the certs will renew automatically with certbot.