Mainly only applies to letsencrypt=2 where Users use redirects or password protection on the top level / path. DA adds and .htaccess file to the .well-known directory in the event that, for example, Users have password protection on the top level / folder. This .htaccess disables password protection to LE can access the acme-challenge. Apache needs to have +r on this folder, so we set it to 755 instead of 711. Change will take effect on systems that do not yet have the folder. Existing systems would only need manual intervention if they have 403 errors with it: eg: manually set .well-known folder to 755.