Hello,
this should be a standard use case, but I did not find a good answer via Google.

My host has a SSL key and certificate via letsencrypt, which I want to share with most, but not all, services defined in a docker-compose.yml file.
When I bind-mount /etc/ssl and /etc/letsencrypt, the problem is that the users and groups do not necessarily match the one in the containers and the examples I found via Google seem to assume that only one container is using them or that I make things practically world readable, which is obviously a bad idea for private keys.
The other option would be to copy them into the images, which requires a custom Dockerfile for each service (is this really required?) and more important has the drawback, that the container has to be recreated, and thus also restarted, if the certificate gets updated.
While the latter is perhaps somewhat acceptable for SSL certificates, it has more impact when updating e.g. antivirus databases.

How do people usually solve this?

Thanks in Advance,
Torsten