Package: mumble-server
Version: 1.3.4-1
Severity: normal
X-Debbugs-Cc: i...@geilerschas.at
Dear Maintainer,
mumble-server complains about, not being able to read the certificates, certbot
created for my
nginx server.
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
* What exactly did you do (or not do) that was effective (or
ineffective)?
* What was the outcome of this action?
* What outcome did you expect instead?
*** End of the template - remove these template lines ***
* I wanted to properly verifiy my domain via letsencrypt, since I
already use a Webserver anyways.
* Honestly, the workaround to the issue was fairly obvious: just change the
permissions to given directories/files, given in the error messages:
$ chmod 755 /etc/letsencrypt/live/
$ chmod 755 /etc/letsencrypt/archive/
$ chmod 744 /etc/letsencrypt/archive/privkey1.pem
However, this seems quite lazy and insecure?! At least letyencrypt
discourages this "workaround", so I wanted to report it just to be sure.
Especially since this "workaround" is specifically mentioned in your WIKI:
https://wiki.mumble.info/wiki/Obtaining_a_Let%27s_Encrypt_Murmur_Certificate
* It works, but I am not happy/convinced
* I am not sure if this issue is more related to letsencrypt/certbot
then to mumble-server to be honest, but since mumble-server is the
first program for me to show this kind of issue, I decided to report
it here. Also, I didn't come accross this issue under Debian 10.
I would have expected mumble-server to work out of the box with these
certificates, especially since I have the feeling it did work already.
-- System Information:
Debian Release: 11.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-13-amd64 (SMP w/12 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mumble-server depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.77
ii libavahi-compat-libdnssd1 0.8-5
ii libc6 2.31-13+deb11u3
ii libcap2 1:2.44-1
ii libgcc-s1 10.2.1-6
ii libprotobuf23 3.12.4-1
ii libqt5core5a 5.15.2+dfsg-9
ii libqt5dbus5 5.15.2+dfsg-9
ii libqt5network5 5.15.2+dfsg-9
ii libqt5sql5 5.15.2+dfsg-9
ii libqt5sql5-sqlite 5.15.2+dfsg-9
ii libqt5xml5 5.15.2+dfsg-9
ii libssl1.1 1.1.1n-0+deb11u1
ii libstdc++6 10.2.1-6
ii libzeroc-ice3.7 3.7.5-2
ii lsb-base 11.1.0
mumble-server recommends no packages.
mumble-server suggests no packages.
-- Configuration Files:
/etc/mumble-server.ini changed [not included]
-- debconf information excluded
