-1

Running this command from root,

certbot certonly --webroot -w /home/myuser/myfolder/public/ -d subdomain.my.site

Certbot doesn't care about this folder and proceeds to put certificates somewhere else:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/subdomain.my.site/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/subdomain.my.site/privkey.pem

Why? I like really need them in that folder, my web server shouldn't have access to /etc/

I also expected certbot to create all these .well-known/acme-challenge/whatever folders

Because it is going to expire sometimes and it would be sad to move files by hand

Also the web server is express so this is why I'm not using predefined options like certbot apache2 :(

UPD. this is the guide I was trying to follow - https://www.sitepoint.com/how-to-use-ssltls-with-node-js/

So how am I supposed to access /etc/... if I'm running an express server without any root

r32
  • 15
  • 4

1 Answers1

0

The webroot option for certbot is for telling certbot which directory for the .wellknown-folder during the http challegenge.

Certbot itself does not have a way to change the location, where it stores the requested certs.

Either copy them yourself, or consider using another tool like dehydrated where you can choose where the certs are stored.

ethergeist
  • 599
  • 4
  • 14
  • Thanks! But anyway I think I'm doing something wrong. So everyone who uses express has to go through this process every time he makes a new certificate? It feels like there should be a better way... – r32 Jun 19 '21 at 22:14
  • I >literally< linked you a "better" way, if you just want to place your certs in another folder by default. :) (And arguably it's quite often that express.js is not handling the TLS process at all but some ingest proxy somewhere down the line.) – ethergeist Jun 19 '21 at 22:17