As I was trying to install SSL on a shared hosting server using the webroot method, I found that this server would not serve anything that is not owned by the user. Searching through the forum, I found that lots of users have faced or are facing similar issues.
The following command
./letsencrypt-auto --text --agree-tos --email webmaster@somedomain.com certonly --renew-by-default --webroot --webroot-path /home/someuser/public_html/ -d somedomain.com -d www.somedomain.com
would work as intended and creates:
Folder “.well-known” owned by root
Folder “acme-challenge” owned by the user
Challenge file owned by root.
Now, since the challenge file is not owned by the user, the web server won't serve it and returns a 404.
There could be many reasons/scenarios for this behaviour, so to overcome it, my suggestion is to pass a flag for the user and another for file permissions:
--user someuser
When this flag is used, all folders and files get created as that user, or their owner is changed to the mentioned user.
Since letsencrypt-auto is already running as root, it should not be difficult to change the owner.
A similar approach can be adopted for file/folder permissions too, if/when/where needed.
--file 0644
--folder 0755
If these values are not passed, letsencrypt-auto should fall back to the default values, as it currently does.
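A shell check for the ownership problem described in the post, added here as an example and not part of the original post or of letsencrypt-auto itself. It audits the `.well-known` tree under a webroot for anything not owned by the account the web server serves files for, which is the condition that produces the 404 on the challenge file, and includes a post-issuance fix-up that a root-run wrapper could call until a `--user` style flag exists. The function names, the webroot path and the user name are assumptions made for this example; the `0644`/`0755` modes are the ones suggested above.

```shell
#!/bin/sh
# Constructed example: audit a shared-hosting webroot for challenge files the
# web server will refuse to serve because they are owned by someone else.
set -e

# Owner of a path, portable across GNU stat (-c) and BSD stat (-f).
path_owner() {
  stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"
}

# Print "<owner>\t<path>" for every entry under $1/.well-known whose owner
# is not $2. Prints nothing (and succeeds) when the tree does not exist.
list_foreign_owned() {
  webroot="$1"; want="$2"
  dir="$webroot/.well-known"
  [ -d "$dir" ] || return 0
  find "$dir" -print | while IFS= read -r p; do
    owner=$(path_owner "$p")
    [ "$owner" = "$want" ] || printf '%s\t%s\n' "$owner" "$p"
  done
}

# Number of mismatched entries; 0 means the web server can serve the tree.
count_foreign_owned() {
  list_foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# Post-issuance fix-up for a wrapper that runs letsencrypt-auto as root:
# hand the whole .well-known tree to the hosting account and normalise modes
# to 0755 for folders and 0644 for files (the values suggested in the post).
fix_ownership() {
  webroot="$1"; user="$2"
  if [ "$(id -u)" -ne 0 ]; then
    echo "fix_ownership: must run as root to chown to $user" >&2
    return 1
  fi
  chown -R "$user" "$webroot/.well-known"
  find "$webroot/.well-known" -type d -exec chmod 0755 {} +
  find "$webroot/.well-known" -type f -exec chmod 0644 {} +
}

# Usage (paths and user are hypothetical):
#   sh audit_webroot.sh /home/someuser/public_html someuser
if [ $# -ge 2 ]; then
  n=$(count_foreign_owned "$1" "$2")
  if [ "$n" = "0" ]; then
    echo "ok: everything under $1/.well-known is owned by $2"
  else
    echo "$n entries under $1/.well-known are not owned by $2:"
    list_foreign_owned "$1" "$2"
  fi
fi
```

Run the audit after `certonly` (or from a cron job before renewal) to catch the root-owned challenge file before the CA's validation request does; the fix-up deliberately refuses to run unless it is root, since a non-root `chown` would fail half way through the tree.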