If one domain fails, we probably still want certs for the others.
Create /letsencrypt/well-known if it doesn't exist