To generate SSL certificates, I use the HTTP-01 challenge. Since I already have a Docker container running an Nginx web server that listens on port 80, I want to use the webroot option instead of the listenHTTP option.
Initially, I tried setting the webroot to the index.html directory used by the Nginx web server. However, this didn’t work because the permissions of this directory didn’t allow the creation of the .well-known/acme-challenge/ directory. I checked the acme package and saw that a system user called acme is created and belongs to the acme group. The home directory of this user is /var/lib/acme.
As far as I understand, the acme user tries to create the .well-known/acme-challenge/ directory. If this is true, is it even possible to change the webroot to a directory other than a subdirectory of this user’s home directory? The acme user only belongs to the acme group, and both the user and group don’t exist prior to using the acme package.
My solution has been to use /var/lib/acme as the webroot directory and mount it as a volume in the Nginx Docker container.
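
A narrower variant of the setup described in the post, as an added example that is not part of the original post: it keeps the webroot under the acme user's home but bind-mounts only the challenge directory into the container, read-only. It assumes the NixOS security.acme and virtualisation.oci-containers modules; the domain, e-mail address, image name, the `.challenges` path and the container document root are placeholders chosen for illustration.

```nix
# Added example; every name and path below is a placeholder or an assumption.
{ ... }:
let
  domain = "example.org";                    # constructed placeholder
  webroot = "/var/lib/acme/.challenges";     # hypothetical dedicated challenge root
  challengeDir = "${webroot}/.well-known/acme-challenge";
in
{
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@example.org";    # placeholder
    # HTTP-01 via webroot: the acme user writes token files under challengeDir.
    certs.${domain}.webroot = webroot;
  };

  # Pre-create the directory, owned by acme, so the bind-mount source
  # exists (and is not created root-owned by Docker) before the container starts.
  systemd.tmpfiles.rules = [
    "d ${challengeDir} 0755 acme acme -"
  ];

  virtualisation.oci-containers = {
    backend = "docker";
    containers.nginx = {
      image = "nginx:stable";                # assumed image
      ports = [ "80:80" ];
      # Expose only the challenge tokens, read-only. Certificates and
      # private keys elsewhere under /var/lib/acme are not mounted.
      volumes = [
        "${challengeDir}:/usr/share/nginx/html/.well-known/acme-challenge:ro"
      ];
    };
  };
}
```

The container path assumes the image serves files from /usr/share/nginx/html; adjust it to the document root the Nginx configuration actually uses.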