Preferred Challenges for Certbot

The preferred challenges for Certbot are usually one of the following:

  1. HTTP-01 Challenge: This is the most common challenge type. Certbot will create a temporary file on your web server, and the Let’s Encrypt servers will try to access that file over HTTP. You’ll need to make sure that port 80 is open and that your web server is configured to serve files from the hidden .well-known directory.
  2. DNS-01 Challenge: This challenge requires you to add a specific DNS TXT record to your domain’s DNS settings. This is often used when you need to obtain a wildcard certificate or when the HTTP challenge is not suitable. It might require manual intervention if you don’t have a DNS provider with an API that Certbot can use.
  3. TLS-ALPN-01 Challenge: This challenge requires setting up a special TLS certificate on your server and is less commonly used. It’s generally more complex to set up compared to the HTTP-01 challenge.

The HTTP-01 challenge is often the easiest to use, especially for standard web server setups, while the DNS-01 challenge is necessary for more complex scenarios like wildcard certificates.

You can specify the challenge type when running Certbot with the --preferred-challenges option, followed by the challenge type, such as:

certbot --preferred-challenges http


certbot --preferred-challenges dns

Keep in mind that depending on your specific setup and requirements, you might need to choose a specific challenge type or follow additional steps to successfully obtain a certificate.