> (...) > I run the redmine app as a normal user so puma can't read the > /etc/ssl/private/redmine.MY.DOMAIN.COM.key (default perm 400).
Does your environment require keys in /etc/ssl/private? maybe some corporate policies or such... If not you can simply configure acme-client(1) to place cert and key into locations where puma user can access them. > (...) > If I change perm /etc/ssl/private/redmine.MY.DOMAIN.COM.key to 555 website > loads on FF correctly (no errors on puma) but I still got an error on curl: > (...) > If I have ssl key permission set to 555 I also got an error from acme client: I wouldn't change permissions of files/directories in base (see security(8), mtree(8), ...)
