The Automatic Certificate Management Environment (ACME) protocol is a **communications protocol for automating interactions between certificate authorities and their users' web servers**, allowing the automated deployment of public key infrastructure at very low cost. [Automated Certificate Management Environment](https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment). **HTTP-01** challenge is the most common challenge type. Let’s Encrypt gives a token to your ACME client, and your ACME client puts a file on your web server at `http://<YOUR_DOMAIN>/.well-known/acme-challenge/<TOKEN>`. That file contains the token, plus a thumbprint of your account key. The **DNS-01** challenge asks you to prove that you control the [[Domain Name System|DNS]] for your domain name by putting a specific value in a TXT record under that domain name. It is harder to configure than HTTP-01, but can work in scenarios that HTTP-01 can’t. It also allows you to issue [[Wildcard certificate]]. I have used this with [[Amazon Route 53|Route 53]] and [[AWS Certificate Manager]].