Webroot what is it? Need the best guide for Ubuntu 20.04 and Nginx!

Ubuntu 20.04
Nginx
Certbot
When using the certbot guide from https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx
I ran this command
certbot certonly --webroot

And then it asks for a webroot. What should I put there?
/var/www/mysite/ ?
http://mysite.com ?
/var/www ?
/var/www/mysite ?

How to find out? And maybe better just to use

certbot --nginx -d mysite.com -d www.mysite.com

than that webroot?

I need the 100% guide just to not fail 5 times again in a week… Please! I use Ubuntu 20.04 and nginx. Thank you

You should read that page again, carefully. Nowhere does it speak of using --webroot.

No, I need to keep my web server running.

If you have a webserver that’s already using port 80 and don’t want to stop it while Certbot runs, run this command and follow the instructions in the terminal.

sudo certbot certonly --webroot

certbot --nginx works without stopping your webserver or interrupting traffic.

Of course, you can use --webroot if you want, but we don’t know what the webroot of your domain is. You need to look in your nginx virtual host configuration to find that out (the root directive).

Make sure you are actually reading instructions from the quoted link, and not from https://certbot.eff.org/lets-encrypt/ubuntufocal-other , which are generic instructions for non-nginx/non-Apache servers.

Okay man. But it leads me to an error you can read about there

So no way. Yeah, it's easy to fix, but!

It’s fragile because it will be reverted whenever apt upgrades the python3-certbot-nginx package, eh.

Should probably send this thread to the ubuntu packagers, though.

Sure. If you would like to use --webroot, you can. You can probably find your webroot using this command:

grep -Ri "root " /etc/nginx

One of the search results should reveal where your domain’s website files are stored, and that’s what you want to pass to Certbot.

root@ubuntu:~# grep -Ri "root " /etc/nginx
/etc/nginx/sites-enabled/default: root /var/www/html;
/etc/nginx/sites-enabled/default:# root /var/www/example.com;
/etc/nginx/scgi_params:scgi_param DOCUMENT_ROOT $document_root;
/etc/nginx/fastcgi.conf:fastcgi_param DOCUMENT_ROOT $document_root;
/etc/nginx/fastcgi_params:fastcgi_param DOCUMENT_ROOT $document_root;
/etc/nginx/uwsgi_params:uwsgi_param DOCUMENT_ROOT $document_root;
/etc/nginx/sites-available/default: root /var/www/html;
/etc/nginx/sites-available/default:# root /var/www/example.com;

Great, so you have two possibilities, it’s either /var/www/html/ or /var/www/example.com/.

Try each one with Certbot, and make sure to include --dry-run in your command so you don’t run into rate limiting issues.
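To narrow the grep output above, the following shell sketch (an added example, not part of the original posts and not Certbot's own tooling) reads nginx configuration text, skips commented-out `root` lines, and pairs each server block's `server_name` with its active server-level `root`. The function names and the sample configuration are constructed for illustration, and the parser assumes one directive per line.

```shell
#!/bin/sh
# Added example (not from the thread). Reads nginx configuration text on stdin
# and prints "server_name(s)<TAB>root" for each server block, skipping
# commented-out directives. Assumes one directive per line.
active_roots() {
    awk '
        function clean(s) {                       # "  root /x;" -> "/x"
            sub(/^[ \t]*[a-z_]+[ \t]+/, "", s); sub(/[ \t]*;.*/, "", s); return s
        }
        { sub(/#.*/, "") }                        # a "# root ..." line is inactive
        /^[ \t]*server[ \t]*[{]/ { in_srv = 1; depth = 0; names = "(none)"; root = "" }
        !in_srv { next }
        $1 == "server_name" { names = clean($0) }
        $1 == "root" && depth == 1 { root = clean($0) }   # server-level root only
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) { if (root != "") print names "\t" root; in_srv = 0 }
        }'
}

# Print the --dry-run test command from the thread for one domain (config on stdin).
dry_run_cmd() {
    active_roots | awk -F '\t' -v d="$1" '{
        n = split($1, nm, " ")
        for (i = 1; i <= n; i++) if (nm[i] == d)
            print "certbot certonly -d " d " --webroot -w " $2 " --dry-run"
    }'
}

# Constructed sample; the first block mirrors the grep output in the thread.
sample_config() {
    cat <<'EOF'
# configuration file /etc/nginx/sites-enabled/default:
server {
    listen 80 default_server;
    root /var/www/html;
    # root /var/www/example.com;
    server_name example.com www.example.com;
    location / { try_files $uri $uri/ =404; }
}
server {
    listen 80;
    server_name shop.example.net;
    root /srv/shop/public;
}
EOF
}

sample_config | active_roots
sample_config | dry_run_cmd example.com
```

On a live server the same functions can be fed the configuration nginx actually loads, for example `nginx -T 2>/dev/null | dry_run_cmd example.com`, which avoids counting files in sites-available that are not enabled.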

Man, like that?
sudo certbot --nginx
The certbot will ask for a webroot, I put there
root /var/www/html
And afterwards I just
certbot renew --dry-run
???
Or you have just one command for me? Thanks. I’m afraid to run out again so that’s why I ask…

--webroot and --nginx are different modes.

If you wanted to test --webroot out, I’d suggest something like:

certbot certonly -d example.com --webroot -w /var/www/html --dry-run

It won’t actually save any certificates or anything, but it’ll tell you if the webroot was correct.

And as long as you use --dry-run, there is zero risk of “running out”.


It turned out that /var/www/html is my webroot. So what’s next?
Any command to obtain a cert correctly?

You should decide whether:

  1. You want Certbot to issue the certificate AND configure nginx to use it, or
  2. You just want Certbot to issue the certificate, and you’ll do the rest (e.g. you’ll use https://ssl-config.mozilla.org/ to configure nginx yourself).

What command you run will largely be informed by which way you want to go. Keep in mind the TLS-SNI issue you linked earlier may affect your ability to choose (1), but I’m not sure.


If I only knew what I should add to the nginx file… that’s why I always chose the first option :confused:

Maybe I’ll try to install 0.39 version…
