To register an SSL certificate via the Let's Encrypt authority, one must serve a special file in /.well-known/acme-challenge/<token>
with specific contents. Apologies if I missed it in the documentation, but it is not clear to me whether this token needs to remain secret, or whether it is OK for it to be visible via a directory index when navigating to /.well-known/acme-challenge/
on the server.
If my acme-challenge tokens have been visible in this manner, are my SSL certs compromised?