Letsencrypt - do I need to keep ".well-known" accessible for certificate renewal?
I created a certificate for my Apache 2.4 server. To validate my server letsencrypt created the folder .well-known
and accessed it.
Do I need to keep this folder accessible (for certificate renewal) or could I delete/block the folder?
Yes, it's needed each time a certificate is renewed. You still need to verify that the calling system is in control of the resource.
Lets Encrypt can create a new directory when you renew your ssl. So, yes you need the directory for renewal, but you can remove it after the first validation or a renewal.