Directories of the firmware components

Note: Phoenix Contact recommends operating the PLCnext Control device with an SD card if it supports SD card operation. For some PLCnext Control devices, operation with an SD card is mandatory. Refer to the user manual of your PLCnext Control device.

You can access the controller via SFTP or via SSH, view the directories and files in the Linux file system (on the internal flash memory and on the SD card), and modify them if necessary. 

Directories and files that Phoenix Contact provides (also through firmware updates) are stored on the internal flash memory of the controller.

If you make changes to the directories or files, the Linux operating system generates an Overlay File System. It is used to combine contents of a read-only partition with a read-write partition. The read-write partition is stored either at the external SD card or in a dedicated partition of the internal flash memory if no SD card is present.

Major directories on the internal file system

Directory in the root file system Contents


Directory for storing additional open-source libraries that customized C++ programs use (see C++ programming).


License information on the individual Linux packages of the controller.


Home directory of the admin Linux user and working directory of the device firmware.

Files written by the application program are stored in this directory if the specified file name does not contain a storage path.


2019.92020.0 LTS2020.3

Directory for storing configuration files that are not project-specific. 


≥ 2020.6 

Directory for storing configuration files of the User Manager.

  • UmSystemUseNotifcation.txt: The file contains the Default System Use Notification that is displayed if you connect to the controller via SSH or SFTP (for example, using WinSCP). Click here for more information.


Directory for storing the log files of the Diagnostic Logger as well as the database of the Notification Logger

This directory contains the Output.log file. It contains information on the startup behavior of the firmware, status, and error messages as well as warning notes that help you find the source of error. Click here for more information.

In addition, you will find the diagnostic log file of theplcnextapp command line tools (plcnextapp.log) as well as the log files of the UA server (uatrace.log, uatrace_1.log).


Directory for storing project directories and files


Directory for storing project directories and files downloaded manually by the user


Directory for storing PLCnext Engineer projects

PLCnext Engineer exclusively manages all files and subdirectories in this directory.

Note: Do not make any changes to this directory.


Directory for storing SPLC data (safety-related controller)


Directory for storing certificates of IdentityStores and TrustStores , which the WBM manages.


Directory for storing the HTTPS certificate

Note: Certificate setting

From firmware 2021.0 LTS

Up to firmware 2020.6, the HTTPS certifcate and its related private key were located as files on the file system of the controller. These files have been replaced by symbolic links. Therefore, when updating the firmware, the existing certificate and key files are moved to /opt/plcnext/Security/IdentityStores/HTTPS-self-signed-Backup/*.* and symbolic links are created at the original location pointing to this backup.

On the WBM Certificate Authentication page you can either select to use an existing IdentityStore or to use self-signed certificates. 
When using an existing IdentityStore the symbolic links are changed and refer now to the specified IdentityStore.
When using self-signed certificates a self-signed certificate is generated at /opt/plcnext/Security/IdentityStore/HTTPS-self-signed/*.* and the symbolic links refer to that IdentityStore. 
When creating a self-signed certificate via the Certificate Authentication WBM page, the /opt/plcnext/Security/IdentityStores/HTTPS-self-signed-Backup directory is not modified.

Up to firmware 2020.6

The HTTPS certificate and its related private key are located as files in the following directories of the controller file system:

  • /opt/plcnext/Security/Certificates/https/https_cert.pem
  • /opt/plcnext/Security/Certificates/https/https_key.pem

You can exchange these files by your own certificate and key. 


Directory for storing the TrustStores configured in WBM.

Each subdirectory corresponds to the name of a TrustStore.

A TrustStore directory contains the following subdirectories:

  • trusted: The directory contains CA certificates that are trusted.
  • issuers: The directory contains CA certificates that are not automatically trusted but that are necessary for creating a certificate chain.
  • trusted/crl: The directory contains files with CRLs for the CA certificates.
  • issuers/crl: The directory contains files with CRLs for issuer certificates.

Note: The firmware internally uses the /opt/plcnext/Security/TrustStores/Empty/ TrustStore.

Do not make any changes to the directory, the subdirectories, or the files of the /Empty TrustStore.


Directory for storing the IdentityStores configured in the WBM.

Each subdirectory corresponds to the name of an IdentityStore. An IdentityStore contains identities (X.509 certificates with associated private key).

An IdentityStore directory contains the following files:

  • certificate.pem: The file in PEM format contains the X.509 certificate of the identity. The file may additionally contain several certificates of the certificate chain.
  • key.pem: The file in PEM format contains the private key for the certificate.
  • tpmkey.pem: The file contains the private key linked to the TPM (Trusted Platform Module) of the controller.


All active apps downloaded from the PLCnext Store to the controller are mounted in this directory.

Each active app is mounted with the name of the app identifier in a subdirectory. The entire content of the app container is available in this directory (read-only).

The PLCnext Store manages the directory.

Do not make any changes to this directory.


Directory for storing all installed app containers

The directory belongs to the PLCnext Store.


Directory for storing and managing app data

The PLCnext Store and the installed apps manage the directory.

Do not make any changes to this directory.


Directory for storing the default configuration files for tracing via LTTng


Directory for storing trace files

The directory is created during runtime of the trace controller when the trigger function for storing the trace files is called for the first time. Each time the trigger function of the memory is called, a new subdirectory (trace directory) for storing the current trace data is created.

The designation of a trace directory is structured as follows: YYYYMMDD_hhmmss

For example: /opt/plcnext/lttng_traces/20190418_190615/<trace_data>

The memory operates as a ring memory. When exceeding the maximum storage space, the oldest trace directory is deleted.


Directory for download changes operations

The directory is used for creating a backup of the project directory (/opt/plcnext/projects/). In the event of an error, the contents of the backup directory are restored. The backup directory is created following the first successful project download and following every successful project download.


Directory for storing remanent data


≥ 2021.0 LTS


Directory for storing backup files that contain the retain variable values and its corresponding retain CRC along with the project name.

Up to 10 backup files are stored before the oldest file is deleted. The criterion is the file name. 
You can find more information about the backup and restore feature in the topic Extended retain handling.


Directory for internal storage of copies of C++ user libraries that have been configured in PLCnext Engineer and downloaded.


Directory for storing temporary PROFINET® files

Using SFTP to access the file system

You can access the file system via the SFTP protocol. Use a suitable SFTP client software for this (for example, WinSCP).

Access to the file system via SFTP requires authentication with a user name and password. The following access data is set by default with administrator rights:

  • User name: admin
  • Password: is printed on the PLCnext Control




•  Web browser recommendation: Chrome/Edge 88 or newer, Firefox ESR 90 or neweror Safari • 
• Published/reviewed: 2023-02-20 • Revision 053 •