Certbot, same webroot for multiple subdomains?

I have 1 domain and 2 subdomains, example.com, api.example.com, api2.example.com.

Is it okay if i set the webroot to be /path/to/example.com/webroot for all 3 domains?

I’ve seen examples where people give different webroots per domain.

From what i understand, the webroot is only for responding to the challenge, so what difference does it make if i give 1 or multiple webroots?

For context
-running an ubuntu VPS with nginx serving multiple node apps
-i have a single certificate for my domain and all subdomains.

Hi @guanzo,

Certbot is willing to try to use a single webroot for as many domains as you want, but most setups require a different webroot for each domain whenever the content on each domain is different. The point of the webroot is to create a file that will be publicly visible on each domain’s web site. If the different domains are hosting different sites with different content, these files would normally need to be created in different places on the web server.

Webroot may not be the answer as @schoen has pointed out.
But you may be able to use a global “alias” (or one in each vhost file) that all point to the same folder.

Apache code:

<IfModule alias_module>
 Alias /.well-known/acme-challenge/ /common/path/for/all/challenges/

NGINX code is something like one of these - depends on the client you’re using:

location ^~ /.well-known/acme-challenge/ {
 allow all;
 alias /common/path/for/all/challenges/;
1 Like

Hi @schoen, thanks for the reply.

Each of the 3 domains are separate websites with different content. As you said, the certbot is willing to use a single domain, because i just updated the cert with the third subdomain and a single webroot, all my domains are working with https as usual.

I can go ahead and provide different webroots for my domains if that’s the recommended way, it’s not a problem (just slightly more work :smiley: ).

Thanks @rg305, i’ll see if i can update my nginx to make it work

It's not about recommendations, it's all about how webservers work. Most (virtual) hosts (or sites) are assigned different locations on the server for their content. So for site A, the webserver looks for the files on, for example, /var/www/A/public_html/ and for site B on location /var/www/B/public_html. Now, if one would put the file "test.txt" at /var/www/A/public_html and go to http://B/test.txt, one would get a file not found error!

That's why most of the time different sites require different webroots.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.