Hi, thanks for Tachyon. Very cool.
How could I leave the ".well-known/acme-challenge/..." path unmanaged by Tachyon to allow the let's encrypt certificate to be renewed?
I am currently manually renewing the certificates using dns challenge.

Any hints are appreciated

How requests are routed to Tachyon is up to you; for example, we have our CloudFront distribution pass /tachyon/ URLs to Tachyon, so /.well-known/ would be handled for us at the CF layer.