The acmeprober program runs against an actual ACME CA implementation. It spins up an HTTP server to fulfill authorization challenges or execute a DNS script to provision a response to dns-01 challenge.
For http-01 and tls-alpn-01 challenge types this requires the ACME CA to be able to reach the HTTP server.
A usage example:
go run prober.go \ -d https://acme-staging-v02.api.letsencrypt.org/directory \ -f order \ -t http-01 \ -a :8080 \ -domain some.example.org
The above assumes a TCP tunnel from some.example.org:80 to 0.0.0.0:8080 in order for the test to be able to fulfill http-01 challenge. To test tls-alpn-01 challenge, 443 port would need to be tunneled to 0.0.0.0:8080. When running with dns-01 challenge type, use -s argument instead of -a.