On Ubuntu 20.04 the default installation of mumble server doesn’t startup with a certbot letsencrypt certificate. The reason is unsufficent permission to the key files which are owned by root.
More precisely mumble server is started under its own user id mumble-server
, but the files created by certbot can only be read as root. This results in the following mumble-server error message:
Failed to read /etc/letsencrypt/live/example.com/fullchain.pem Failed to load SSL settings. See previous errors.
This can be fixed quite easily by changing a setting in /etc/default/mumble-server
from
MURMUR_USE_CAPABILITIES=0
to
MURMUR_USE_CAPABILITIES=1
and restart mumble-server. MURMUR_USE_CAPABILITIES=1
starts the server as root (which is then able to read the keys) and drop to non priviledged user afterwards.