I installed the gitea in the Official Repositories (community). I tried to use a custom directory for the data, because that will make it easy in case I reinstall the OS, but Arch Wiki says the data directory is hard-coded in the service file and the procedure to enable a custom path seemed complicated, so I just used the default. The default data path seems to be /var/lib/gitea/data.
In gitea’s manual for setting up HTTPS, the certificate path is said to be relative to the GITEA_CUSTOM environment, but when I used a relative path, it was relative to /var/lib/gitea/custom (https/cert.pem in the app.ini became /var/lib/gitea/custom/https/cert.pem in the log). That directory did not even exist by default. Shouldn’t the default relative path be /var/lib/gitea/data?
There is no default certificate - so when setting up TLS - you are adding a custom setting.
Therefore the path is correct as it points to the install locacation /var/lib/gitea and the sub folder custom would have been created by you in the process of setting up TLS as you need to place the certificate in that folder.
You can of course change the GITEA_CUSTOM variable to point to which ever location you place the certificate - but if you don’t you need to create the custom folder as part of the process.
The question asked Why is it so? should be directed to the developers of gitea as they know the why’s - every other user either use the defaults or learn to setup custom scenario.
The Arch wiki is where you learn to use the defaults.
The gitea docs is where you learn the advanced stuff
Serving a gitea web using a public interface on default 80 and 443 requires setting up a proxy web service.
I recently banged my head on how to setup IIS to serve as proxy for a gitea instance - and I eventually gave up but I know that I will revisit this a later point where time is not of essence.