This pull request proposes mounting the warden self signed certs to a warden subdirectory within the same location.

Currently warden is mounting the self signed SSL certificates to /etc/ssl/certs/. In the process it inadvertently removes all the system certificates.

As a result, you are unable to install any Traefik plugins as it fails to verify the TLS certificate. With the following error message in the Traefik logs.

traefik  | time="2024-10-20T20:58:40Z" level=error msg="Plugins are disabled because an error has occurred." error="failed to download plugin github.com/acouvreur/sablier: failed to call service: Get \"https://plugins.traefik.io/public/download/github.com/acouvreur/sablier/v1.5.0\": tls: failed to verify certificate: x509: certificate signed by unknown authority"

Reproduction Steps

1. Set your Traefik version to one that supports plugins echo TRAEFIK_VERSION=2.9 >> ~/.warden/.env
2. Install a plugin by appending the following to the traefik.yml configuration

experimental:
  plugins:
    sablier:
      moduleName: github.com/acouvreur/sablier
      version: v1.5.0

3. Start the warden svc and tail the traefik logs warden svc up && warden svc logs traefik -f