The purpose of this configuration is to allow the letsencrypt-auto
script to function properly from a centralized configuration management host. This allows for managing/automating the creation, deployment and renewal of certificates without resorting to retrieving trust related data from the less trusted managed hosts.
An added bonus is that the auth data stored with the renewal configuration is not littered across the enterprise.