Let's encrypt validation certbot

I’m trying to get a ca certificate from lets encrypt using certbot.
I follow this guide: https://docs.gitlab.com/ee/user/project/pages/lets_encrypt_for_gitlab_pages.html

the first question is where do i need to create the .well-known/acme-cahallenge/hash folder.
It’s in webroot but where is the webroot? it’s not var/www/.

second question which is your domain to use because i have gto domain.me
but obviously for git i have git.domain.me and i aslo have www.domain.me but all domains are linked with a record to my ip address. i want to use the ca certificate for gitlab but also to sign client and or server certs for all internal communication withing my vm’s.
kind regards