forcemerge 819107 902620 810216 severity 902620 normal thanks Hello Roland,
We definitely want to move to using a more "Debian standard" approach to the certbot user -- especially for the keys it writes out --, but it's a complicated problem. For example, many of the certbot plugins add or alter webserver configuration, which means that the certbot user would need permission to access those directories, or some method of gaining higher privileges for certain operations. This is something we've talked about with upstream in the past, but we don't currently have a plan to implement. I'd personally like to see us switch to use a more Debian approach for the key storage before we do anything else -- something I'd like to see go into buster. Thanks for reporting this! -- Harlan Lieberman-Berg ~hlieberman
