From cb468786445ff8a42549f52dde9392b99b1edc64 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <jak@jak-linux.org>
Date: Fri, 30 Nov 2018 13:52:24 +0100
Subject: [PATCH] Add /etc/letsencrypt stuff to ssl_keys/ssl_certs abstraction

`/etc/letsencrypt/live/` contains symlinks to
`/etc/letsencrypt/archive/` which contains the keys. Add the
certs to ssl_certs and the private keys to ssl_keys.
---
 profiles/apparmor.d/abstractions/ssl_certs | 5 +++++
 profiles/apparmor.d/abstractions/ssl_keys  | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs
index 50da52f7a..7234f061c 100644
--- a/profiles/apparmor.d/abstractions/ssl_certs
+++ b/profiles/apparmor.d/abstractions/ssl_certs
@@ -32,3 +32,8 @@
   /etc/dehydrated/certs/*/cert-*.pem r,
   /etc/dehydrated/certs/*/chain-*.pem r,
   /etc/dehydrated/certs/*/fullchain-*.pem r,
+
+  # certbot
+  /etc/letsencrypt/archive/*/cert*.pem r,
+  /etc/letsencrypt/archive/*/chain*.pem r,
+  /etc/letsencrypt/archive/*/fullchain*.pem r,
diff --git a/profiles/apparmor.d/abstractions/ssl_keys b/profiles/apparmor.d/abstractions/ssl_keys
index d629871ec..f53d54e0d 100644
--- a/profiles/apparmor.d/abstractions/ssl_keys
+++ b/profiles/apparmor.d/abstractions/ssl_keys
@@ -23,3 +23,6 @@
 
   # dehydrated
   /etc/dehydrated/certs/*/privkey-*.pem r,
+
+  # certbot / letsencrypt
+  /etc/letsencrypt/archive/*/privkey*.pem r,