Certbot, same webroot for multiple subdomains?

I have 1 domain and 2 subdomains, example.com, api.example.com, api2.example.com.

Is it okay if I set the webroot to be /path/to/example.com/webroot for all 3 domains?

I’ve seen examples where people give different webroots per domain.

From what I understand, the webroot is only for responding to the challenge, so what difference does it make if I give 1 or multiple webroots?

For context:
- running an Ubuntu VPS with nginx serving multiple node apps
- I have a single certificate for my domain and all subdomains.

Hi @guanzo,

Certbot is willing to try to use a single webroot for as many domains as you want, but most setups require a different webroot for each domain whenever the content on each domain is different. The point of the webroot is to create a file that will be publicly visible on each domain’s web site. If the different domains are hosting different sites with different content, these files would normally need to be created in different places on the web server.

Webroot may not be the answer as @schoen has pointed out.
But you may be able to use a global “alias” (or one in each vhost file) that all point to the same folder.

Apache code:

<IfModule alias_module>
    Alias /.well-known/acme-challenge/ /common/path/for/all/challenges/
</IfModule>

NGINX code is something like one of these - depends on the client you’re using:

location ^~ /.well-known/acme-challenge/ {
    allow all;
    alias /common/path/for/all/challenges/;
}

Hi @schoen, thanks for the reply.

Each of the 3 domains is a separate website with different content. As you said, the certbot is willing to use a single domain, because I just updated the cert with the third subdomain and a single webroot, all my domains are working with https as usual.

I can go ahead and provide different webroots for my domains if that’s the recommended way, it’s not a problem (just slightly more work :smiley: ).

Thanks @rg305, I’ll see if I can update my nginx to make it work

It's not about recommendations, it's all about how webservers work. Most (virtual) hosts (or sites) are assigned different locations on the server for their content. So for site A, the webserver looks for the files on, for example, /var/www/A/public_html/ and for site B on location /var/www/B/public_html. Now, if one would put the file "test.txt" at /var/www/A/public_html and go to http://B/test.txt, one would get a file not found error!

That's why most of the time different sites require different webroots.

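The test described in the last reply (put a file under one site's directory, request it through another site's name) can be run before asking Certbot to use a single webroot. This is an added example, not part of the thread and not Certbot code; the function name `probe_shared_webroot` is hypothetical, and the script assumes it runs on the web server with write access to the webroot and plain HTTP reachable for each name.

```python
import http.client
import secrets
import urllib.error
import urllib.request
from pathlib import Path

# Path under the webroot where HTTP-01 challenge files are served from.
CHALLENGE_PATH = ".well-known/acme-challenge"


def probe_shared_webroot(webroot, hosts, timeout=5.0):
    """Write a random probe file under <webroot>/.well-known/acme-challenge/
    and fetch it over plain HTTP from every host.

    Returns {host: bool}. True means that host serves this webroot at the
    challenge path, so one webroot (or one shared alias) covers it.
    """
    challenge_dir = Path(webroot) / CHALLENGE_PATH
    challenge_dir.mkdir(parents=True, exist_ok=True)
    name = "probe-" + secrets.token_urlsafe(16)   # unguessable file name
    body = secrets.token_urlsafe(32)              # unguessable content
    probe = challenge_dir / name
    probe.write_text(body)
    results = {}
    try:
        for host in hosts:
            url = f"http://{host}/{CHALLENGE_PATH}/{name}"
            try:
                with urllib.request.urlopen(url, timeout=timeout) as resp:
                    served = resp.read().decode("utf-8", "replace").strip()
                    results[host] = served == body
            except (urllib.error.URLError, http.client.HTTPException, OSError):
                # 404, connection refused, timeout: not served from here
                results[host] = False
    finally:
        probe.unlink(missing_ok=True)             # never leave the probe behind
    return results


if __name__ == "__main__":
    import sys
    # e.g. python3 probe.py /path/to/example.com/webroot example.com api.example.com
    for host, ok in probe_shared_webroot(sys.argv[1], sys.argv[2:]).items():
        state = "served from this webroot" if ok else "NOT served from this webroot"
        print(f"{host}: {state}")
```

A host reported as not served needs either its own webroot or a shared alias for the challenge path like the ones shown earlier in the thread.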
