copy key in acme_post_hook to preserve permissions

data/conf.d/30-tls.yml

@@ -16,5 +16,5 @@ s2s_use_starttls: required
 
 certfiles:
   - /etc/ssl/ejabberd/fullchain.pem
-  - /etc/ssl/ejabberd/key.pem
+  - /etc/ssl/ejabberd/ejabberd-key.pem
 

docker-compose.yml

@@ -61,7 +61,7 @@ services:
                         proxy.${HOSTNAME},
                         push.${HOSTNAME}
       LETSENCRYPT_EMAIL: webmaster@${HOSTNAME}
-      ACME_POST_HOOK: chmod a+r /etc/nginx/certs/${HOSTNAME}/key.pem
+      ACME_POST_HOOK: install --owner=9000 --group=9000 --mode=500 --preserve-timestamps /etc/nginx/certs/${HOSTNAME}/key.pem /etc/nginx/certs/${HOSTNAME}/ejabberd-key.pem
 
     networks:
       - reverse-proxy_default