0.31.0-1+ubuntu18.04.1+certbot+1 on Ubuntu 18.04, and have a problem with generating the acme-challenge file for some domains, because nginx gets a "403 Access denied" error.
For most domains certbot creates the .well-known/acme-challenge/* files fine, with the right permissions (-rw-r--r--, owned by root/root), and these files are readable via nginx.
But for some domains on the same system certbot creates the files with -rw-rw---- permissions, so nginx can't read them and shows a "403 Access denied" error!
The command to generate the certificate is the same:
certbot certonly --webroot -d test1.example.com --webroot-path=/srv/test1.example.com/public_html
certbot certonly --webroot -d test2.example.com --webroot-path=/srv/test2.example.com/public_html
The only difference is the owner of the webroot path directory (different owner - test2:test2); the nginx configs for both domains are similar, and the directory permissions are the same too. The users have the same group membership (own group and www-data) and umask (
test1.example.com user all works well, but for test2.example.com - not, because of the described file permission problem!
Can anybody please describe which user settings (or directory permissions) can affect the acme-challenge file permissions? And is there maybe some way to manually force some permissions via a command line argument?