Problem
vix proxy nginx certbot can fail after Certbot succeeds because the current user cannot read:
/etc/letsencrypt/live/.../fullchain.pem
The certificate was created correctly, but Vix reports an error only because it tries to read a private certificate path without enough permissions.
This makes the command look like it failed even when Certbot succeeded.
Expected behavior
After Certbot succeeds, Vix should not fail only because the current user cannot directly read the certificate file.
Vix should either:
- use
sudo when verifying certificate files under /etc/letsencrypt
- avoid reading the private certificate file directly
- or validate the certificate through nginx / certbot status instead of direct file access
What to fix
The post-Certbot verification step should be permission-aware.
If Certbot exits successfully and nginx can use the certificate, the command should report success.
Goal
Make vix proxy nginx certbot reliable in production environments where Let’s Encrypt files are readable only by root.
Problem
vix proxy nginx certbotcan fail after Certbot succeeds because the current user cannot read:The certificate was created correctly, but Vix reports an error only because it tries to read a private certificate path without enough permissions.
This makes the command look like it failed even when Certbot succeeded.
Expected behavior
After Certbot succeeds, Vix should not fail only because the current user cannot directly read the certificate file.
Vix should either:
sudowhen verifying certificate files under/etc/letsencryptWhat to fix
The post-Certbot verification step should be permission-aware.
If Certbot exits successfully and nginx can use the certificate, the command should report success.
Goal
Make
vix proxy nginx certbotreliable in production environments where Let’s Encrypt files are readable only by root.