Let’s say I’m creating a Letsencrypt certificate for the first time, so that my .well-known path will not yet be behind HTTPS.
Or worse, let’s say I was a bit too late renewing an existing Letsencrypt certificate, so that my .well-known path will be behind HTTPS with an expired Letsencrypt certificate.
Will this pose any problems when running certbot to create a new certificate? If so, how to get around these problems?
To add to what @TCM said, the HTTP-01 challenge will accept pretty much any certificate - expired, self-signed, etc. is all fine, so if you’re redirecting to a https:// URL with a certificate like that, that’s fine.