How to fix mumble-server startup with letsencrypt certificates on Ubuntu

On Ubuntu 20.04 the default installation of mumble server doesn’t startup with a certbot letsencrypt certificate. The reason is unsufficent permission to the key files which are owned by root.

More precisely mumble server is started under its own user id mumble-server, but the files created by certbot can only be read as root. This results in the following mumble-server error message:

Failed to read /etc/letsencrypt/live/
Failed to load SSL settings. See previous errors.

This can be fixed quite easily by changing a setting in /etc/default/mumble-server from




and restart mumble-server. MURMUR_USE_CAPABILITIES=1 starts the server as root (which is then able to read the keys) and drop to non priviledged user afterwards.