So if you want to protect a website with .htaccess and .htpasswd basically you will use
AuthType Basic
AuthName “Password Protected Area”
AuthUserFile /path/.htpasswd
Require valid-user
If you want a subdirectory to be excluded from auth like .well-known , for lets encrypt then a easy way it to create a .htaccess on .well-known directory and place in it
Satisfy any