# vim:syntax=apparmor
# ------------------------------------------------------------------
#
#    Copyright (C) 2009 Canonical Ltd.
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

  # private ssl permissions

  # Just include the whole /etc/ssl directory if we should have access to
  # private keys too
  /etc/ssl/ r,
  /etc/ssl/** r,

  # acmetool
  /var/lib/acme/live/* r,
  /var/lib/acme/certs/** r,
  /var/lib/acme/keys/** r,

  # dehydrated
  /{etc,var/lib}/dehydrated/certs/*/privkey*.pem r,

  # certbot / letsencrypt
  /etc/letsencrypt/archive/*/privkey*.pem r,

  /etc/certbot/archive/*/privkey*.pem r,