Am I using HTTP-01 or DNS-01?

My domain is: bgrgolf.com

I ran this command:

It produced this output:

My web server is (include version): Apache/2.4.52 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: AWS EC2 instance

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.31.0

I thought I would be able to tell if I was using the HTTP or the DNS challenge by looking for TXT records in my DNS records or for a directory called .well-known in the document root of my web server but I can find neither.

I ran sudo find . -name '.well-known' from the root directory of my server and got no results.

I am 99% sure certbot / Let's Encrypt is installed and working on my server with bgrgolf.com because, although I am confused by the details, I have been through the installation procedure and also I can go to https://bgrgolf.com from my browser without warnings.

It would be great to know how I can find out which challenge I am using and also why my attempt to find out did not work.

This is the missing piece for us to be able to really tell you. But unless you configured certbot to log into your DNS provider somehow, you almost certainly are using HTTP-01.

Certbot (or whatever client you're using) just makes a change to support the challenge, and then changes it back. And often it can just configure your web server to respond to the challenge without using an actual file on the system. So after you get a certificate and the changes to respond to the challenge are reverted, your system won't reply to .well-known in any special way.


I hadn't really appreciated that the DNS records or the .well-known directory were only necessary for the challenge used to decide whether to issue the certificate and that after the certificate has been issued they are not needed. I thought they might stay on my server or DNS records for renewal of certificates. I have not worked out yet how I can automate renewal of my certificates.

You can view the certbot renewal config file for each cert in

/etc/letsencrypt/renewal

It contains the method used to get the cert as well as the cert file locations. This info is used by the certbot renew command. Usually, a cron or systemd timer was set up for you to run the renew command. Details of this are described in these docs

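As an added example (not code from the thread or from certbot), here is a small POSIX shell script that reads the `authenticator` line of a renewal config and reports whether that cert is renewed with HTTP-01 or DNS-01. The sample config embedded at the bottom is constructed to resemble what the apache plugin writes; the `pref_challs` key used for the `manual` case is assumed from certbot's `--preferred-challenges` handling.

```shell
#!/bin/sh
# Classify the ACME challenge implied by a certbot renewal config.
# Real files live in /etc/letsencrypt/renewal/<name>.conf (root-only).

challenge_for_conf() {
    conf="$1"
    # Pull the value of "authenticator = ..." from the [renewalparams] section.
    auth=$(sed -n 's/^[[:space:]]*authenticator[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    # "manual" records the chosen challenge separately (assumed key name: pref_challs).
    pref=$(sed -n 's/^[[:space:]]*pref_challs[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    case "$auth" in
        apache|nginx|webroot|standalone) echo "http-01" ;;   # web-server plugins answer over HTTP
        dns-*) echo "dns-01" ;;                              # dns-route53, dns-cloudflare, ...
        manual)
            case "$pref" in
                *dns-01*)  echo "dns-01" ;;
                *http-01*) echo "http-01" ;;
                *)         echo "manual (challenge not recorded)" ;;
            esac ;;
        "") echo "unknown (no authenticator line)" ;;
        *)  echo "unknown ($auth)" ;;
    esac
}

# Report every renewal config on this host, one line per cert name.
report_all() {
    for f in /etc/letsencrypt/renewal/*.conf; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "$(basename "$f" .conf)" "$(challenge_for_conf "$f")"
    done
}

# Constructed sample config, shaped like the one the apache plugin writes.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# renew_before_expiry = 30 days
version = 1.31.0
cert = /etc/letsencrypt/live/example.com/cert.pem

# Options used in the renewal process
[renewalparams]
account = 0123456789abcdef
authenticator = apache
installer = apache
server = https://acme-v02.api.letsencrypt.org/directory
EOF

challenge_for_conf "$SAMPLE_CONF"   # prints: http-01
```

On the actual server, run `report_all` as root (the renewal directory is not world-readable) to see the challenge for every cert certbot manages.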
