diff --git a/hooks/conf_regen/01-yunohost b/hooks/conf_regen/01-yunohost
index 198eab3e7..ed09edb79 100755
--- a/hooks/conf_regen/01-yunohost
+++ b/hooks/conf_regen/01-yunohost
@@ -178,6 +178,8 @@ do_post_regen() {
     chown root:admins /home/yunohost.backup/archives
     chown root:root /var/cache/yunohost
 
+    [ ! -e /var/www/.well-known/ynh-diagnosis/ ] || chmod 775 /var/www/.well-known/ynh-diagnosis/
+
     # NB: x permission for 'others' is important for ssl-cert (and maybe mdns), otherwise slapd will fail to start because can't access the certs
     chmod 755 /etc/yunohost
 
diff --git a/src/diagnosers/21-web.py b/src/diagnosers/21-web.py
index ce6de4b17..cc6edd7dc 100644
--- a/src/diagnosers/21-web.py
+++ b/src/diagnosers/21-web.py
@@ -61,7 +61,7 @@ class MyDiagnoser(Diagnoser):
 
         self.nonce = "".join(random.choice("0123456789abcedf") for i in range(16))
         rm("/var/www/.well-known/ynh-diagnosis/", recursive=True, force=True)
-        mkdir("/var/www/.well-known/ynh-diagnosis/", parents=True)
+        mkdir("/var/www/.well-known/ynh-diagnosis/", parents=True, mode=0o0775)
         os.system("touch /var/www/.well-known/ynh-diagnosis/%s" % self.nonce)
 
         if not domains_to_check: