Webroot Method

The webroot method verifies domain ownership by placing a challenge file in a publicly accessible directory (typically /.well-known/acme-challenge/) on your web server.  It does not require stopping your web server, making it ideal for production environments where downtime is unacceptable.  You must configure your web server (Apache, Nginx, etc.) to serve content from the specified webroot path. This method is suitable when port 80 is in use but you have a web server serving static content. 

Standalone Method

The standalone method temporarily starts a lightweight web server on port 80 during the certificate issuance or renewal process.  It is simple to use if port 80 is not occupied by another service. However, it requires temporary interruption of existing services on port 80, which may cause brief downtime.  This method is often used for APIs or services that only use HTTPS and do not serve HTTP traffic. 

DNS Method

The DNS method verifies domain ownership by adding a DNS TXT record to your domain’s zone file. It does not require access to your web server or port 80, making it ideal for servers behind firewalls, shared hosting, or complex network setups. It is also useful when you manage multiple domains or subdomains across different DNS providers. Automation requires integration with DNS APIs (e.g., via plugins like dns-cloudflare, dns-route53). Unlike webroot and standalone, it does not rely on HTTP connectivity.