Question Why does the webserver try to serve from /var/www/vhosts/default/htdocs?

[Ceriana]

Server operating system version

Ubuntu 24.04

Plesk version and microupdate number

18.0.65 Update #1

Good morning,

I'm trying to install a Lets Encrypt! certificate via certbot, since the DNS auth takes too long to publish on my provider.

The command I'm using is:

certbot certonly --webroot -w /var/www/vhosts -d domainremoved.tld -v

I always get the same error message:

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: domainremoved.tld
Type: unauthorized
Detail: xxx.xxx.xxx.xxx: Invalid response from http://domainremoved.tld/.well-known/acme-challenge/-n7annhikpwy3YFa5Q0peNipPFgL1erUrFm58wD1sL0: 404

Upon investigation, I found the access in the log:


I noticed, that the request is redirected to /var/www/vhosts/default/htdocs, instead of the path I enter (/var/www/vhosts/domainremoved.tld/httpdocs). Why does this happen? Or do I use the certbot the wrong way?

Thanks.

 

[Kaspar]

Is there any particular reason you want to use Certbot instead of the default Plesk SSL it! extension with Let's Encrypt support to issues LE certificates? Because that might be the easier route to issues LE certificates for domains.

 

[AYamshanov]

Hi,

It is because of the common challenge dir feature in the SSL It! extension (see #ssl-it-enhanced-probability-of-certificates-issue).

If you prefer to use `certbot` manually instead of the SSL It! and Let's Encrypt extensions, you can disable the feature; after that, the webserver will serve files located in the "<subscription>/.../.well-known/".

But yes, could you please describe in more detail why you prefer to use `certbot`?

 

[Ceriana]

Because it requires me to add a TXT entry to my domain's DNS. The TXT records are the only ones I can't change myself, I need to write a ticket at the provider, which then takes hours to process, adding the record itself takes time to propagate etc. My hope was that I could speed up things with certbot without this DNS authentification.

Hi,

It is because of the common challenge dir feature in the SSL It! extension (see #ssl-it-enhanced-probability-of-certificates-issue).

If you prefer to use `certbot` manually instead of the SSL It! and Let's Encrypt extensions, you can disable the feature; after that, the webserver will serve files located in the "<subscription>/.../.well-known/".

But yes, could you please describe in more detail why you prefer to use `certbot`?

I disabled both and got the same issue.

 

[Kaspar]

Because it requires me to add a TXT entry to my domain's DNS. The TXT records are the only ones I can't change myself, I need to write a ticket at the provider, which then takes hours to process, adding the record itself takes time to propagate etc. My hope was that I could speed up things with certbot without this DNS authentification.

A TXT record for validation is only needed when using a wildcard certificate. (The same applies when issuing a wildcard certificate with Certbot). If you omit the wildcard option when issuing a LE certificate in Plesk, no TXT record is needed for validation.

 

[Ceriana]

A TXT record for validation is only needed when using a wildcard certificate. (The same applies when issuing a wildcard certificate with Certbot). If you omit the wildcard option when issuing a LE certificate in Plesk, no TXT record is needed for validation.

Things I didn't know. Thank you very much.