How to set the webroot when using ACME

To generate SSL certificates, I use the HTTP-01 challenge. Since I already have a Docker container running an Nginx web server that listens on port 80, I want to use the webroot option instead of the listenHTTP option.

Initially, I tried setting the webroot to the index.html directory used by the Nginx web server. However, this didn’t work because the permissions of this directory didn’t allow the creation of the .well-known/acme-challenge/ directory. I checked the acme package and saw that a system user called acme is created and belongs to the acme group. The home directory of this user is /var/lib/acme.

As far as I understand, the acme user tries to create the .well-known/acme-challenge/ directory. If this is true, is it even possible to change the webroot to a directory other than a subdirectory of this user’s home directory? The acme user only belongs to the acme group, and both the user and group don’t exist prior to using the acme package.

My solution has been to use /var/lib/acme as the webroot directory and mount it as a volume in the Nginx Docker container.
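The arrangement described in this post, written as a NixOS configuration. This is an added example and not taken from the original thread; the hostname, e-mail address, container image and in-container paths are assumptions. It uses a dedicated subdirectory of /var/lib/acme as the webroot so that the container sees only challenge files (the state directory also holds the issued private keys), and mounts that subdirectory read-only.

```nix
# Added example, not from the original post. example.org, the e-mail address,
# the image name and the /var/www and /etc/nginx paths are assumptions.
{ config, ... }:
{
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.org";        # assumed contact address
    certs."example.org" = {
      # HTTP-01 via webroot instead of listenHTTP: lego (run as the acme
      # user) writes the token to <webroot>/.well-known/acme-challenge/,
      # so the webroot must be creatable/writable by acme:acme. A
      # subdirectory of the acme user's home satisfies that without
      # exposing the rest of /var/lib/acme (which holds key.pem files).
      webroot = "/var/lib/acme/acme-challenge";
      # Reload the container service after renewal so it picks up the
      # new certificate (podman backend names the unit podman-<name>).
      reloadServices = [ "podman-nginx.service" ];
    };
  };

  virtualisation.oci-containers = {
    backend = "podman";
    containers.nginx = {
      image = "nginx:stable";                    # assumed image
      ports = [ "80:80" "443:443" ];
      volumes = [
        # Challenge files only, read-only: the container serves them but
        # cannot write into the acme state directory.
        "/var/lib/acme/acme-challenge:/var/www/acme:ro"
        # Issued certificate and key for this host, read-only as well.
        "/var/lib/acme/example.org:/etc/nginx/certs:ro"
      ];
    };
  };

  # Inside the container, nginx must map the challenge URL onto the mounted
  # webroot, e.g. (assumed nginx snippet, not part of this Nix file):
  #   location /.well-known/acme-challenge/ { root /var/www/acme; }
  # because lego writes <webroot>/.well-known/acme-challenge/<token>.
}
```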

Is there a reason you don’t want to use the nginx module? What is it you are trying to accomplish with this particular setup?

That’s the plan. In total, there are four Docker containers that I want to replace with the appropriate Nix configuration. The reason for using Docker containers was that the project initially ran on an Ubuntu server and is now being migrated to NixOS.