Symbiosis: Access to http://example.com/.well-known can easily be blocked accidentally, preventing certificate renewal.
A fairly common scenario is that it's fairly easy to set up a site, let
symbiosis-ssl do it's thing and swap to HTTPS, and then redirects/rewrites are added to
.htaccess or similar which then means that
.well-known isn't accessible for verification with Let's Encrypt.
And, if you aren't checking logs, cert expires and so on, this can lead to problems with the certificate expiring unexpectedly, and an effective outage of a site (or sites) before the problem is found, fixed (usually with some edits to .htaccess) a new cert is picked up, Apache reloaded, and things work normally again.
http://example.com/.well-known could either be allowed in all cases (overriding .htaccess), or be aliased from elsewhere for all sites (same as
http://example.com/webmail, etc), and point to a single unified location, ideally which is easy to find in case someone is using it for something other than