When generating a free Let’s Encrypt SSL certificate for your WordPress website, Really Simple Security will handle the authorization with a directory challenge by default. A file with a key will be created in the .well-known/acme-challenge directory. This is the easiest method, and it can be handled automatically in most cases.
In some situations, this method is not possible. For example, if you need a Wildcard SSL certificate that covers the entire domain, including all of it’s subdomains (e.g., for multisites), or if your hosting provider blocks the creation of the directory and file. The directory challenge could also fail if the request to this file by Let’s Encrypt is blocked by your hosting company.
If it’s not possible to remove this block, or if you need a Wildcard SSL certificate, you can switch to the DNS verification method instead.
If you’re on cPanel and your hosting provider allows the use of the cPanel API for DNS edits, the plugin will handle this automatically. If this is not the case for you, the plugin will display the TXT record to add to your DNS configuration manually. Please note that you will need to do this again when the SSL certificate has to be renewed.