I ran this command:acme.sh --issue -d db.trillionpictures.com --webroot "/Library/FileMaker Server/HTTPServer/htdocs" --keylength ec-256
It produced this output: Can not write token to file : /Library/FileMaker/.well-known/acme-challenge/sm03MSnzDjY9EJ2znUzceN_f_x0ILjqpnY15iKASvMg
(Notice it got tripped up by the space in the directory 'FileMaker Server')
My web server is (include version): apache
The operating system my web server runs on is (include version): MacOS
My hosting provider, if applicable, is: InmotionHosting
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): acme.sh v2.8.8
For whatever reason I'm unable to specify the --webroot. I'm familiar with using escapes (backslash space) or quotes (single or double) in command line calls to handle paths with spaces, but in this particular context -- using acme.sh, none of the usual solutions worked.
If your intention is to notify/update the software maintainer about this issue, then you are on the wrong forum; as acme.sh has never been maintained by LE nor this community.
If you are just looking for a "workaround", then I might have a few.
In case you (or anyone else) are interested in such "Workarounds", here are two general methods:
A. Try "forcing" it to find that path:
1. link path "/Library/FileMaker" to "/Library/FileMaker Server"
[then use link path --webroot "/Library/FileMaker/HTTPServer/htdocs"]
2. Try one more escape/backslash/quotes...
--webroot "/Library/FileMaker\ Server/HTTPServer/htdocs"
B. Try using another path - challenge folder isn't bound to/by site path location.
1. Create a dedicated challenge path: /AMCEchallenges/
a. mkdir /AMCEchallenges/
b. Update apache vhost config to use the new path for challenges
option #1:
<Location /.well-known/acme-challenge/>
DocumentRoot /AMCEchallenges/
</Location>
option #2:
#this skips challenge requests and sends all other requests to HTTPS
<LocationMatch "^/(?!\.well-known)">
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1
</LocationMatch>
DocumentRoot /AMCEchallenges/
c. use: --webroot /AMCEchallenges/
Thanks. Will test the link approach. But also wondering: is certbot maintained / supported by LE? Happy to switch if it will ultimately make the install/renewal process more reliable.
In the beginning, it was indeed developed by Let's Encrypt personel. However, since then it has been transfered over to the good people of the Electronic Frontier Foundation (EFF), one of the Platinum sponsors of Let's Encrypt and one of the Platinum sponsors of ISRG, the company behind Let's Encrypt. Some of board members of ISRG are from EFF.
They both have their merits. Certbot is very complete IMHO, but still has some possibilities for significant improvements. Some might say it's "bloated" due to too much options with too much dependencies. Bonus is it's under very active development by a great development team of a great organisation (EFF).
Acme.sh on the other hand is very small with very little dependencies. Further more, it has many, many DNS provider plugins so it's relatively easy to use the DNS challenge with it. On the other hand, as far as I know, it's developed by a single developer. It has also been sold to apilayer, a company which seems to be trying to buy as much of the popular ACME clients as possible. The current 'master' version also has ZeroSSL (a CA of apilayer) as the default ACME API in stead of Let's Encrypt. Its documentation is not something I would describe as "easy" or "complete".