Challenge files are created with insufficient permissions #9920

Open
Leonetienne opened this issue Mar 29, 2024 · 0 comments

Leonetienne commented Mar 29, 2024

Platform:

Ubuntu/Linux 5.4.0-174-generic 86_64

Certbot was installed via:

apt-get

I ran this command and it produced this output:

certbot certonly -n -d <my-domain> --webroot --webroot-path=/var/www/html
output: challenge files in /var/www/html, which are only readable by root (challenge files are set to root:root 640).

# pwd
/var/www/html/.well-known/acme-challenge
# ls -l
total 4
-rw-r----- 1 root root 87 Mar 29 15:10 NPm<...>g4
# ls -l ..
total 8
drwxr-xr-x 2 www-data www-data 4096 Mar 29 15:10 acme-challenge

Certbot's behavior differed from what I expected because:

Only webservers running as root are able to read and thus serve acme challenge files. Webservers should not run as root.
Certbot should either use the permissions of the acme-challenge directory (I set mine to www-data:www-data:755), or support a flag like --acme-challenge-files-umask 644 and --acme-challenge-files-uid www-data. At least provide a hook for when challenge files have been created.

There have been various issues regarding this, all of which have been closed for no good reason. (e.g. stale, inactivity, etc.)
This needs to be addressed. Looking at threads and closed issues, this has been an issue for years.

This is a rather simple issue, with an (I guess) simple fix, which is keeping me from being able to use certbot at all at the time.

Leonetienne changed the title from "Challange files are created with insufficient permissions" to "Challenge files are created with insufficient permissions" on Mar 29, 2024
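
A diagnostic for the situation reported above, as an added example that is not part of the issue and not Certbot's code: it applies the POSIX owner/group/other class rule to each file in a challenge directory and lists the ones a given non-root account cannot read. The function names and the constructed token file are assumptions made for illustration.

```python
import os
import stat
import tempfile

def class_bits(mode, st_uid, st_gid, uid, gids):
    """Return the rwx bits (0-7) POSIX applies to this account.

    Exactly one class is used: owner if the uid matches, else group,
    else other. A match in an earlier class is final.
    """
    if uid == st_uid:
        return (mode >> 6) & 7
    if st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def unreadable_challenges(challenge_dir, uid, gids):
    """List files in challenge_dir that a non-root account cannot serve."""
    names = sorted(os.listdir(challenge_dir))
    d = os.stat(challenge_dir)
    if not class_bits(d.st_mode, d.st_uid, d.st_gid, uid, gids) & 1:
        return names  # no search (x) permission on the directory itself
    blocked = []
    for name in names:
        s = os.stat(os.path.join(challenge_dir, name))
        if not stat.S_ISREG(s.st_mode):
            continue
        if not class_bits(s.st_mode, s.st_uid, s.st_gid, uid, gids) & 4:
            blocked.append(name)
    return blocked

def demo():
    """Constructed reproduction: a 0640 token inside a 0755 directory."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        token = os.path.join(d, "constructed-token")
        with open(token, "w") as f:
            f.write("constructed key authorization\n")
        os.chmod(token, 0o640)
        s = os.stat(token)
        # Hypothetical web-server account: neither the owner nor in the group.
        return unreadable_challenges(d, s.st_uid + 1, {s.st_gid + 1})

if __name__ == "__main__":
    print(demo())  # the token is listed: only the "other" bits apply, and they are 0
```

The check covers the challenge directory and its files only; search permission on the parent directories of the webroot is not examined.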