diff --git a/site-cookbooks/kosmos-dirsrv/resources/instance.rb b/site-cookbooks/kosmos-dirsrv/resources/instance.rb
index 8470e55..d0f80bc 100644
--- a/site-cookbooks/kosmos-dirsrv/resources/instance.rb
+++ b/site-cookbooks/kosmos-dirsrv/resources/instance.rb
@@ -164,6 +164,7 @@ done
     # Generate a Let's Encrypt cert (only if the nginx vhost exists and no cert
     # has been generated before. The renew cron will take care of renewing
     execute "letsencrypt cert for #{new_resource.hostname}" do
+      root_directory = "/var/www/#{new_resource.hostname}"
       command "certbot certonly --webroot --agree-tos --email ops@kosmos.org --webroot-path #{root_directory} --deploy-hook /etc/letsencrypt/renewal-hooks/deploy/dirsrv -d #{new_resource.hostname} -n"
       only_if do
         ::File.exist?("#{node['nginx']['dir']}/sites-enabled/#{new_resource.hostname}_certbot") &&