How exactly does certbot create web access to domain.tld/.well-known/ and what is in there?


Just setting up a free HTTPS certificate for a client (thanks, letsencrypt and certbot! definitely going to push them to make a yearly donation) and I am worried that I can’t figure out exactly how certbot created the /.well-known/ folder on my Ubuntu 14.04 OS running nginx.

/usr/share/nginx/html/.well-known exists on my system, but it is empty.

If I change the root file folder from /usr/share/nginx/html will I have to more the .well-known directory as well? Or symlink to it from the new root directory?

What is .well-known exactly and how is it used?


The ‘.well-known’ directory isn’t Let’s Encrypt specific, but a general “method” as described in RFC 5785.

In this directory, a directory ‘acme-challenge’ is created. This directory is removed automatically after the authentication phase. But the ‘.well-known’ directory isn’t, as it might be used by other programs/services.

If you’re certain there are no other programs/services which need the ‘.well-known’ directory, one might delete it manually. This shouldn’t hamper certbot in any way, as it should make the dir again if and when needed. But it isn’t harmfull to just leave the directory in place.


Thank you very much, Osiris.

That answered my worries beautifully.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.