Unable to read private key file

[nicksardo]

s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun google_cloud_dns (no readiness notification)
s6-rc: info: service legacy-services successfully started
pkcs12: Can't open "/data/workdir/gcp.pem" for writing, No such file or directory
[15:43:07] FATAL: Unable to read private key file /config/google-ha-serviceacct.p12
[22:43:07] WARNING: Halt add-on
s6-rc: info: service legacy-services: stopping
[22:43:07] INFO: Service restart after closing
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

I've confirmed /config/google-ha-serviceacct.p12 exists via terminal.

Config:

lets_encrypt:
  accept_terms: false
  certfile: fullchain.pem
  keyfile: privkey.pem
  renewal_period: 5184000
  dns_delay: 60
project: [redacted]
zone: [redacted]
email: ha-letsencrypt@[redacted].iam.gserviceaccount.com
keyfile: google-ha-serviceacct.p12
keyfile_password: notasecret
domain: [redacted]
ttl: 600
scan_interval: 300

[nicksardo]

Looks like the addon only works if lets_encrypt is enabled because the workdir is only made in that case. If it's not made, the error pkcs12: Can't open "/data/workdir/gcp.pem" for writing, No such file or directory is raised.

[jdesai61]

I have the same problem