What does the certbot command line option -w do?

I could not find in in this list: https://certbot.eff.org/docs/using.html#certbot-command-line-options

It’s an alias to --webroot-path according to https://certbot.eff.org/docs/using.html#webroot :

If you’re running a local webserver for which you have the ability to modify the content being served, and you’d prefer not to stop the webserver during the certificate issuance process, you can use the webroot plugin to obtain a certificate by including certonly and --webroot on the command line. In addition, you’ll need to specify --webroot-path or -w with the top-level directory (“web root”) containing the files served by your webserver. For example, --webroot-path /var/www/html or --webroot-path /usr/share/nginx/html are two common webroot paths.

1 Like

But it is listed in the command line options, at the bottom of the list:

webroot:
  Place files in webroot directory

  --webroot-path WEBROOT_PATH, -w WEBROOT_PATH
2 Likes

Does every subdomain need a different webroot path and why?

I have successfully completed the HTTP-01 challange. Is it possible to change the webroot path after the certificate has been created? Do I need to update the configuration in /etc/letsencrypt?

Only if their content is served out of different directories. If sub1.domain.com is served out of /var/www/sub1/html and sub2.domain.com is served out of /var/www/sub2/html, one way to deal with that would be with separate webroot paths for each subdomain. Another way would be to serve anything in with a URL of /.well-known/acme-challenge out of a fixed directory, which would involve some changes to your web server configuration.

Alright, thanks!

Can I change the webroot path options for certbot between renewals?

I believe it would be possible, but not sure if it would be recommended. The config file is in /etc/letsencrypt/renewal/.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.