There are a lot of layers potentially involved in this process:
- Your hosting provider (and what it does or doesn’t allow you to do in your hosting environment)
- Your DNS provider (and whether your DNS records are correct and refer to the servers you expect them to, and whether you can update them automatically from software)
- Your domain registrar (and whether it’s providing any services for you by default that you didn’t expect it to)
- Your web server software (and how it will be configured to use the certificate after issuance)
- Your ACME client (and how and where you’ll run it)
- Your authentication method (how you’ll select one, and what the ACME client will do to prove your control over the domain name)
So, it can get pretty complex at times, especially for people who haven’t thought about these items or what role they play in certificate issuance.