Using existing cert files

I’m setting up a self-hosted Bitwarden instance. I wanted to use cert files generated by Let’s Encrypt… so I generated them the only way I knew how, which was to gen up an Apache web server and go through the AJAX cruft. It generated a fine set of certs in /private/etc/letsencrypt/live, at which point I shut down the web server, understanding that Bitwarden was going to want port 443 all to itself to listen to. (My plan was to bring the web server back up later on port 80-only, so cert renewals would continue to work.) Then I put the paths to these cert files in config.yml.

The problem is that this directory is readable only to root, which is why I think docker ps is telling me that the nginx task is continually restarting.

I can copy the cert files into the bwdata directory, but Let’s Encrypt cert files have a very short shelf life – what happens when it’s time to renew them? Will Bitwarden do that? I have a cron job already set up (as per Let’s Encrypt instructions) to renew the cert over the web server when necessary, but it’s not going to renew the copies in bwdata (which is why I tried to use them in place in config.yml).

Am I going about this the wrong way, trying to double-purpose a set of web server cert files for Bitwarden? Am I supposed to use an entirely independent cert, and if I do, will BW renew it properly?

(I assume if I had answered the prompt “Do you want to use Let’s Encrypt to generate a free SSL certificate?” with yes at install time, this may have “all worked,” but I didn’t, and I haven’t found any way to either get those prompts again or deinstall BW and reinstall it again from scratch.)