Recently I ran into an issue with acme.sh / Let’s Encrypt and a failing ACME validation.
Error 404 when running acme.sh --renew -d mydomain.tld
[Wed May 3 15:31:45 UTC 2023] Pending, The CA is processing your order, please just wait. (1/30)
[Wed May 3 15:31:49 UTC 2023] mydomain.tld:Verify error:<ipaddress> Invalid response from https://mydomain.tld/.well-known/acme-challenge/5GmSwd0P0ukTtX302yHHhAuZMCEDJx7MmAaBBoPIKtk: 404
[Wed May 3 15:31:49 UTC 2023] Please add '--debug' or '--log' to check more details.
[Wed May 3 15:31:49 UTC 2023] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
In most cases, running your own CA (certification authority) is not advisable. But there are exceptions: if you want to secure internal services of your company, using your own CA might be necessary. During my employment at ADITO Software GmbH I created a tool for X.509 certificate management. The root certificate of my tool had to be imported into every PC of the company. Unfortunately there are some pitfalls which I did not expect, but after some research I figured out how to import the new CA into Linux and Windows PCs and into every major web browser.