Hello, In my setup Liquidsoap was failing to start its SSL input stream (the input.harbor.ssl part) with the error SSL: Certificate error: error:0200100D:system library:fopen:Permission denied. This meant Liquidsoap, running as the libretime user, could not read its SSL private key file (privkeyX.pem) located in /etc/letsencrypt/archive/(your domain name)/
The most direct fix for the immediate Permission denied error was applying the correct group execute permission to the /etc/letsencrypt/archive directory:sudo chmod g+x /etc/letsencrypt/archiveThis allowed the libretime user to traverse the directory path and access the private key.
While often handled by Certbot, we also explicitly ensured the specific private key file had the correct group ownership and read permissions:`sudo chgrp ssl-cert /etc/letsencrypt/archive/(domain name)/(priv key name).pem \ sudo chmod g+r /etc/letsencrypt/archive/(domain name)/(priv key name).pem
This ensures the ssl-cert group (and thus the libretime user) can read the file itself.