When exploring your website files via cPanel’s File Manager, you may come across a directory named:

It often appears suddenly, even if you didn’t manually create it. Understandably, many website owners wonder:
“What is this folder? Can I delete it?”
In this article, we’ll break down what the .well-known directory is used for, whether it’s safe to delete it, and when it’s best to leave it untouched all from the perspective of regular hosting clients.

What Is the .well-known Directory?

The .well-known directory is a standardized location used by websites to store security- and configuration-related files. These files are often used for verification, domain validation, or policy declarations.

This folder follows guidelines defined by the Internet Engineering Task Force (IETF) in RFC 8615 and is recognized by most modern browsers, certificate authorities, and services.

Common Uses of .well-known

Here are some of the most typical files and folders you might find inside .well-known/:

These files must exist in this exact path for services to recognize them. For example:

This is how SSL providers like Let’s Encrypt validate your domain before issuing a certificate.

How Did This Directory Appear?

You likely did not create this folder yourself. It may have been automatically generated by:

• An SSL installation or renewal (especially Let’s Encrypt)

• A plugin or CMS feature (like in WordPress or Joomla)

• A security tool that verifies domain control

• A mobile app integration (e.g., Android App Links)

It typically appears in your /public_html/ or site root.

Can I Delete the .well-known Directory?

In most cases, you should NOT delete it.

Why?

• If your SSL certificate is auto-renewed, deleting .well-known/acme-challenge may cause renewal failures

• Removing it might break domain verification for third-party services

• If it’s currently empty, it may still be needed in the future

However, if you are 100% sure:

• You are not using Let’s Encrypt

• No services (like Facebook, Keybase, Android apps, or DMARC records) are doing domain verification

• The folder is completely unused and not tied to active plugins

Then yes, you can delete it but proceed with caution.

How to Check .well-known in cPanel

1. Log into cPanel

2. Open File Manager

3. Navigate to /public_html/

4. Look for .well-known

   • (If you don’t see it, enable “Show Hidden Files” in settings)

You can inspect the folder contents to understand what it’s being used for.

Best Practices for Managing .well-known

Troubleshooting: What Happens If It’s Missing?

If a service needs .well-known and it’s missing:

• SSL certificate renewals will fail, and your site may show “Not Secure”

• App verification may not go through

• SEO or security tools might show validation errors

In most cases, recreating the folder and placing the required file inside will fix it. Use File Manager or an FTP client to do this.

Final Thoughts

The .well-known directory is not harmful, not malware, and not a mistake. It’s part of a global standard that enables secure communication between your website and trusted external services.
Unless you’re absolutely sure it’s unused and unneeded, it’s best to leave it as is. Deleting it could unintentionally cause SSL, verification, or security features to break silently.
If you’re ever unsure, your hosting provider’s support team can help you safely review its use.