Running this command from root,
certbot certonly --webroot -w /home/myuser/myfolder/public/ -d subdomain.my.site
Certbot doesn't care about this folder and proceeds to put certificates somewhere else:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/subdomain.my.site/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/subdomain.my.site/privkey.pem
Why? I like really need them in that folder, my web server shouldn't have access to /etc/
I also expected certbot to create all these .well-known/acme-challenge/whatever folders
Because it is going to expire sometimes and it would be sad to move files by hand
Also the web server is express so this is why I'm not using predefined options like certbot apache2 :(
UPD. this is the guide I was trying to follow - https://www.sitepoint.com/how-to-use-ssltls-with-node-js/
So how am I supposed to access /etc/... if I'm running an express server without any root