• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Issue Site builder publisher tries to delete folder owned by root

P

peterpijpelink

New Pleskian
Server operating system version
AlmaLinux 8.10 (Cerulean Leopard)
Plesk version and microupdate number
Plesk Obsidian v18.0.70_build1800250717.15 os_RedHat el8
Hello, when we try to publish site builder pages, the publisher tries to remove files in a folder in root.

Publication failed. Please try again
Click to expand...
  • filemng failed: rm: cannot remove '/var/www/vhosts/pureimage.nl/httpdocs/.well-known/pgp-key.txt': Permission denied
  • rm: cannot remove '/var/www/vhosts/pureimage.nl/httpdocs/.well-known/security.txt': Permission denied
  • filemng: Error occurred during /bin/rm command.
Click to expand...
Obvious these files should not be removed or replaced. The website is currently unusable and trying to go back to a snapshot of a few days old did not solve anything.
Scherm­afbeelding 2025-07-22 om 13.46.37.pngThe site id is Login if that helps. Do we need to change anything? As this is the first time we see this error happening....

thank you for your help!
 
peterpijpelink said:
Hello, when we try to publish site builder pages, the publisher tries to remove files in a folder in root.
[...]
Click to expand...
I assume you're referring to the Sitejet site builder (rather than the legacy SiteBuilder/Web Presence Builder)?

Regardless, the question is why is .well-known directory owned by root in the first place. That should not be the case, alle files and directories should be owned by the subscription user. Did you create the .well-known directory via command line as root user?

However, when publishing a site with Sitejet all files within the document root of the domain will be deleted. Unfortunately this includes files in the .well-known directory, even tough these should not conflict with the Sitejet files.

@Sebahat.hadzhi, maybe this is something to relay to the Sitejet team for them to look into? I am not sure if this always has been the case. But I can imagine it's gets pretty tedious for users to re-create the security.txt (and the signature pgp-key.txt file) every time they update and publish their website. Especially when the security.txt file is automatically created wit the security.txt Plesk extension. Would be nice if files in the .well-known directory are retained.
 
Kaspar said:
I assume you're referring to the Sitejet site builder (rather than the legacy SiteBuilder/Web Presence Builder)?

Regardless, the question is why is .well-known directory owned by root in the first place. That should not be the case, alle files and directories should be owned by the subscription user. Did you create the .well-known directory via command line as root user?

However, when publishing a site with Sitejet all files within the document root of the domain will be deleted. Unfortunately this includes files in the .well-known directory, even tough these should not conflict with the Sitejet files.

@Sebahat.hadzhi, maybe this is something to relay to the Sitejet team for them to look into? I am not sure if this always has been the case. But I can imagine it's gets pretty tedious for users to re-create the security.txt (and the signature pgp-key.txt file) every time they update and publish their website. Especially when the security.txt file is automatically created wit the security.txt Plesk extension. Would be nice if files in the .well-known directory are retained.
Click to expand...
additional info, this is:

Sitejet Builder Version 1.2.5-5565​

And these files in root are made by Let's encrypt using SSLIt! version 1.18.1-3161 it seems, so where else should we place these? As said, up to a few days ago it was never an issue on any of the many sites we have with SiteJet Builder. And to answer your question, we did not made these files or the folder ourselves. We use the SiteJet per default settings, no special configuration or anything.

 
To change the owner and group of the directory you can run the following command via command line (for example using the Plesk SSH terminal). Replace the <ownername> placeholder example below with the actual user of the subscription (the one shown in your screenshot which owns the other files).
Code: 
sudo chown -R <ownername>:psacln /var/www/vhosts/pureimage.nl/httpdocs/.well-known/

This should allow you to publish your website from Sitejet again without any errors.
 
Kaspar said:
To change the owner and group of the directory you can run the following command via command line (for example using the Plesk SSH terminal). Replace the <ownername> placeholder example below with the actual user of the subscription (the one shown in your screenshot which owns the other files).
Code: 
sudo chown -R <ownername>:psacln /var/www/vhosts/pureimage.nl/httpdocs/.well-known/

This should allow you to publish your website from Sitejet again without any errors.
Click to expand...
thank you, that does solve it for now. More is that we maybe need to make a documents folder inside httpsdocs and let SiteJet Builder use this, as this will occur again when the system updates certs.... ?
 
peterpijpelink said:
[...] More is that we maybe need to make a documents folder inside httpsdocs and let SiteJet Builder use this, as this will occur again when the system updates certs.... ?
Click to expand...
Your are right about .well-known directory being used for the validation of certificaties. However I am sure that neither Let's Encrypt or SSL It! created the directory as owned by root. Since the folder contained a pgp-key.txt and a security.txt file (based on the error in your opening post), I suspect the directory was created by something (or someone) else to put those files in the document root of the domain.
 
Kaspar said:
Your are right about .well-known directory being used for the validation of certificaties. However I am sure that neither Let's Encrypt or SSL It! created the directory as owned by root. Since the folder contained a pgp-key.txt and a security.txt file (based on the error in your opening post), I suspect the directory was created by something (or someone) else to put those files in the document root of the domain.
Click to expand...
I did check 5 sites and all have the same folder and creating date..
July 18, 2025 08:16 AM
So it must be something on the server it seems. and not with the latest update as this was done a day later.

Plesk Obsidian 18.0.70 Update #3 Web Pro Edition Last updated on July 19, 2025 12:17 AM)

 
Did look into these folders, all have the same time and date and what could caused this:

Could it be this one?

Native security.txt compliance in Plesk​

Generate one /.well-known/security.txt file for all domains on a Plesk server automatically. Help security researchers get in touch with you regarding the actual or potential security issues on the websites hosted on the server.

  • Generate one common security.txt file for all domains (on your server) that do not have their own security.txt file.
  • Custom settings are taken into account: Plesk will not apply the common security.txt file to a domain that has its own custom file.
  • Automatically update the expiration date in the security.txt file to always keep it relevant.
  • Customize the common security.txt generated by Plesk to better fit your needs.
 
You must log in or register to reply here.

Similar threads

L
Question .nfsxxxxx files
Replies
3
Views
1K
lema
L
immc
Question Error during zip file extraction: filemng failed:
Replies
2
Views
673
immc
immc
L
Resolved Sitejet Builder - Publication failed
Replies
5
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
I
Issue website downloads index.php instead of showing it
Replies
17
Views
734
Isolde
I
F
Question Connect Django and Sitejet Builder Published Static Files
Replies
2
Views
1K
Kaspar
K
Back
Top