diff --git a/defaults/main.yml b/defaults/main.yml index 8f32634..20a3a0a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -14,6 +14,10 @@ certbot_hsts: false certbot_create_if_missing: false certbot_create_method: standalone certbot_admin_email: email@example.com + +# Default webroot, overwritten by individual per-cert webroot directories +certbot_webroot: /var/www/letsencrypt + certbot_certs: [] # - email: janedoe@example.com # webroot: "/var/www/html/" @@ -30,7 +34,7 @@ certbot_create_command: >- --noninteractive --agree-tos --email {{ cert_item.email | default(certbot_admin_email) }} {{ '--webroot-path ' if certbot_create_method == 'webroot' else '' }} - {{ cert_item.webroot if certbot_create_method == 'webroot' else '' }} + {{ cert_item.webroot | default(certbot_webroot) if certbot_create_method == 'webroot' else '' }} -d {{ cert_item.domains | join(',') }} {{ '--pre-hook /etc/letsencrypt/renewal-hooks/pre/stop_services' if certbot_create_standalone_stop_services diff --git a/tasks/create-cert-webroot.yml b/tasks/create-cert-webroot.yml index 83a8a2a..5d0ac6d 100644 --- a/tasks/create-cert-webroot.yml +++ b/tasks/create-cert-webroot.yml @@ -14,7 +14,7 @@ - name: Create webroot directory if it doesn't exist yet file: - path: "{{ cert_item.webroot }}" + path: "{{ cert_item.webroot | default(certbot_webroot) }}" state: directory - name: Generate new certificate if one doesn't exist.
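Review bot: The comment above the new `certbot_webroot` default in defaults/main.yml says the value is "overwritten" by per-cert directories, but nothing is written over it. A `webroot` key on a `certbot_certs` entry takes precedence, and this variable is only the fallback. I would word it as `# Fallback webroot for the webroot create method; a webroot set on a certbot_certs entry takes precedence.` The commented example under `certbot_certs` (it continues outside the hunk) still lists `webroot:` with no hint that the key is now optional, so a trailing `# optional, defaults to certbot_webroot` there would help readers.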
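Review bot: In the `certbot_create_command` hunk, `cert_item.webroot | default(certbot_webroot)` falls back only when the key is undefined, so an entry with a bare `webroot:` or `webroot: ""` still renders an empty or null value after `--webroot-path`, leaving `-d` directly behind the option. Passing the second argument, `{{ cert_item.webroot | default(certbot_webroot, true) if certbot_create_method == 'webroot' else '' }}`, covers empty and null values too. The same applies to the `path:` expression in tasks/create-cert-webroot.yml. The path is also placed into the command string unquoted, so a webroot containing whitespace would presumably be split into separate arguments. How the string is executed is not visible here, but adding `| quote` to the path expression would guard against that. The folded scalar begins and ends outside the hunk.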
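Review bot: The `file` task in tasks/create-cert-webroot.yml sets only `path` and `state`, so the directory it creates gets whatever owner and mode the play's user and umask produce. With this change the task can also create the shared `certbot_webroot` default, not only a directory the operator named per certificate. That directory holds the ACME challenge responses, so it should be readable by the web server and writable only by the account that runs certbot. Adding `mode: "0755"` under `state: directory`, plus an explicit `owner` if the role is not always run as root, pins that down.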