Many thanks for the quick response.
Highly appreciated.
The fact that LE is not a conventional distro is exactly what I appreciate. Why? Because a stripped-down system reduces the attack surface.
Maybe a few words on my scenario:
As a hobby I am running a homeserver based on a slightly hardened and stripped-down RPiOS with several services (Bitwarden, Pi-hole, Let's Encrypt Bot, etc.), all separated in individual Docker containers. Unfortunately, there is no performant and up-to-date Docker image for Kodi without X. The only "service" that actually runs natively is a cron job bash script that copies my Let's Encrypt certs into the user folder of an unprivileged user.
I have two other appliances that log in via SCP/SSH to grab them and install them locally. Thus, if they were compromised, they would not have root access to my homeserver (=> Zero Trust Principle). I would also like to avoid a situation where, if the homeserver is compromised, an attacker would have credentials to both of the other appliances. Thus, I am not pushing the files over there.
Would it make sense to deep dive on this use case, or would you rather recommend that I go for Kodi directly on RPiOS or OSMC (less stripped down and targeted, but more flexible)? I thought this should not be as tricky, but I might have underestimated the amount of water to be pushed uphill?
Thanks
DaC