I could not find in in this list: https://certbot.eff.org/docs/using.html#certbot-command-line-options
It's an alias to --webroot-path according to User Guide — Certbot 2.7.0.dev0 documentation :
If you’re running a local webserver for which you have the ability to modify the content being served, and you’d prefer not to stop the webserver during the certificate issuance process, you can use the webroot plugin to obtain a certificate by including
certonlyand--webrooton the command line. In addition, you’ll need to specify--webroot-pathor-wwith the top-level directory (“web root”) containing the files served by your webserver. For example,--webroot-path /var/www/htmlor--webroot-path /usr/share/nginx/htmlare two common webroot paths.
But it is listed in the command line options, at the bottom of the list:
webroot:
Place files in webroot directory
--webroot-path WEBROOT_PATH, -w WEBROOT_PATH
Does every subdomain need a different webroot path and why?
I have successfully completed the HTTP-01 challange. Is it possible to change the webroot path after the certificate has been created? Do I need to update the configuration in /etc/letsencrypt?
Only if their content is served out of different directories. If sub1.domain.com is served out of /var/www/sub1/html and sub2.domain.com is served out of /var/www/sub2/html, one way to deal with that would be with separate webroot paths for each subdomain. Another way would be to serve anything in with a URL of /.well-known/acme-challenge out of a fixed directory, which would involve some changes to your web server configuration.
Alright, thanks!
Can I change the webroot path options for certbot between renewals?
I believe it would be possible, but not sure if it would be recommended. The config file is in /etc/letsencrypt/renewal/.