Let’s Encrypt and Certbot

The HTTP-01 challenge is the one we will see in action in this tutorial. When this challenge is performed, Let’s Encrypt creates a token and passes it to the client; the client then creates a file on our website under a specific path: http://<OUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>. Let’s Encrypt verifies that the file exists and is valid; if the validation succeeds, it issues the certificate. For this challenge to work, our website must be remotely accessible on port 80.
During a DNS-01 challenge, instead, Let’s Encrypt tries to verify that we control the domain’s DNS entries. Once again, the process starts with the CA issuing a token to the client, which uses it as the content of a TXT record it creates specifically for this purpose at _acme-challenge.<OUR_DOMAIN>. Let’s Encrypt then queries the DNS for that record; if it finds a match, it issues the certificate.
As we said before, in this case we will stick to the HTTP-01 challenge. Now, let’s see how to install and use Certbo