Certbot - where is /.well-known created



One of those things that I’m sure is obvious but as a newbie to Linux and to LE, I’m struggling with the basics so I appreciate all the help I can get. I’ve read up what I can but can’t find the answer.

DN = vps379991.ovh.net
Command = certbot certonly --webroot -w /var/www/pbx -d vps379991.ovh.net
Output =

  • The following errors were reported by the server:

Domain: vps379991.ovh.net
Type: unauthorised
Detail: Invalid response from

404 Not Found

404 Not Found

To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contains(s) the right IP address.

Webserver = nginx on Debian Jessie
Host = OVH

I totally understand that the destination is not responding because it does not exist at the root (/var/www/) but I assume it was generated “somewhere”?

Where can I find it? I assume I can just move the file?

Can I specify where the certificate gets created/stored?



Indeed it was generated somewhere–it was generated exactly where you told certbot to put it, at /var/www/pbx. That’s apparently not the document root location for your webserver. I don’t know where it would be, but a few seconds with Google suggests that it would be either /var/www/ or /var/www/html/.

I believe certbot will let you change where the cert is stored, but there’s really no reason to–instead, update your SSL configuration to use the new cert/key in /etc/letsencrypt/live/yourhostname.


Hi danb35,

Thanks for your reply.

I had a feeling someone would say something along those lines but I did check the folder at /var/www/pbx before I posted, but it is empty. That is unless it is hidden. I am relying on the “ls” command to show me. Remember, I am a Linux novice too. If the ls command is not what I should be using then please advise me.

The /var/www/html folder is where the active index file is.

There is no “live” folder in /etc/letsencrypt only accounts and renewal.

Leaving the office soon, so I’ll pick up again tomorrow.




You won’t see /etc/letsencrypt/live until it successfully obtains a cert. In Unix-like operating systems (including Linux), file or directory names beginning with a . are usually hidden. To see them, run ‘ls -a’ rather than just ‘ls’.

But if the active index file is in /var/www/html, that’s probably the path you should use with the -w flag.


Hi danb35,

Thanks for your help, the certificate now verifies and was created.

Onto the next challenge.



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.