I need help understanding how Webroot is managing to issue a certificate renewal despite my NGINX config not publicly serving the .well_known directory.
In fact, if I run this command:

    certbot certonly --webroot --webroot-path /usr/share/nginx/html/ --renew-by-default -d .com

the certificate is issued.
However, if the same command is run with --dry-run, the client errors out as I ‘expect’, saying “Failed authorization procedure. .com (http-01)”.
I am in the process of automating the generation of certificates using Ansible and would like to understand this behaviour.