diff --git a/.windsurf/plans/WSRE-607.md b/.windsurf/plans/WSRE-607.md
new file mode 100644
index 00000000..f26c7d14
--- /dev/null
+++ b/.windsurf/plans/WSRE-607.md
@@ -0,0 +1,26 @@
+# Plan: Implement ACME Challenge LB Rules for Bestnet
+
+We will add OpenStack Load Balancer resources to `nomadclient.tf` to handle ACME challenges, creating a dedicated pool and L7 rules to redirect `.well-known/acme-challenge/` traffic. A new variable will be introduced to handle the port difference between environments (8081 default, 8080 for prod-bestnet).
+
+## Proposed Changes
+
+### 1. Modify `nomadclient.tf`
+- Add `variable "nomadclient_acme_port"` with a default value of `8081`.
+- Add the following resources (adapted from the ticket snippet):
+  - `openstack_lb_pool_v2.nomadclient_challenge_acme`
+  - `openstack_lb_member_v2.nomadclient_challenge_acme` (using `var.nomadclient_acme_port`)
+  - `openstack_lb_monitor_v2.acme_healthmonitor`
+  - `openstack_lb_l7policy_v2.acme_challenge_policy`
+  - `openstack_lb_l7rule_v2.acme_challenge_rule`
+
+### 2. Modify `environments/prod-bestnet.tfvars`
+- Add `nomadclient_acme_port = 8080` to override the default for the production environment, aligning with the ticket's note.
+
+## Rationale
+- The ticket explicitly provides the Terraform configuration needed to support the new Vault-based Let's Encrypt integration.
+- The comment "in prod_bestnet protocol_port = 8080" indicates a deviation from the snippet's 8081 for the production environment. Using a variable allows us to apply the standard configuration while respecting the environment-specific requirement.
+- Existing `nomadclient` resources in `nomadclient.tf` confirm the resource names match the snippet (e.g., `openstack_compute_instance_v2.nomadclient`).
+
+## Verification
+- Verify that `nomadclient.tf` successfully validates.
+- Ensure `prod-bestnet.tfvars` correctly overrides the port.
diff --git a/tests/terragrunt/bar/.terraform.lock.hcl b/tests/terragrunt/bar/.terraform.lock.hcl
new file mode 100644
index 00000000..b708bc06
--- /dev/null
+++ b/tests/terragrunt/bar/.terraform.lock.hcl
@@ -0,0 +1,18 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/hashicorp/local" {
+  version = "2.6.1"
+  hashes = [
+    "h1:QH/Ay/SWVoOLgvFacjcvQcrw2WfEktZHxCcIQG0A9/w=",
+    "zh:0416d7bf0b459a995cf48f202af7b7ffa252def7d23386fc05b34f67347a22ba",
+    "zh:24743d559026b59610eb3d9fa9ec7fbeb06399c0ef01272e46fe5c313eb5c6ff",
+    "zh:2561cdfbc90090fee7f844a5cb5cbed8472ce264f5d505acb18326650a5b563f",
+    "zh:3ebc3f2dc7a099bd83e5c4c2b6918e5b56ec746766c58a31a3f5d189cb837db5",
+    "zh:490e0ce925fc3848027e10017f960e9e19e7f9c3b620524f67ce54217d1c6390",
+    "zh:bf08934295877f831f2e5f17a0b3ebb51dd608b2509077f7b22afa7722e28950",
+    "zh:c298c0f72e1485588a73768cb90163863b6c3d4c71982908c219e9b87904f376",
+    "zh:cedbaed4967818903ef378675211ed541c8243c4597304161363e828c7dc3d36",
+    "zh:edda76726d7874128cf1e182640c332c5a5e6a66a053c0aa97e2a0e4267b3b92",
+  ]
+}
diff --git a/tests/terragrunt/bar/README.md b/tests/terragrunt/bar/README.md
new file mode 100644
index 00000000..5f027b40
--- /dev/null
+++ b/tests/terragrunt/bar/README.md
@@ -0,0 +1,18 @@
+# Terragrunt Example
+
+This directory contains a simple Terragrunt configuration that creates a local file.
+
+## Usage
+
+After creating "terragrunt.hcl", run the following commands:
+
+```fish
+terragrunt plan --log-format bare
+terragrunt apply
+```
+
+For variable input, run the following:
+
+```fish
+terragrunt apply -auto-approve -var content='Hello, Terragrunt!'
+```
diff --git a/tests/terragrunt/bar/hi.txt b/tests/terragrunt/bar/hi.txt
new file mode 100755
index 00000000..c37db964
--- /dev/null
+++ b/tests/terragrunt/bar/hi.txt
@@ -0,0 +1 @@
+Hello, Terragrunt!
\ No newline at end of file
diff --git a/tests/terragrunt/bar/main.tf b/tests/terragrunt/bar/main.tf
new file mode 100644
index 00000000..e3ca9643
--- /dev/null
+++ b/tests/terragrunt/bar/main.tf
@@ -0,0 +1,6 @@
+variable "content" {}
+
+resource "local_file" "file" {
+  content  = var.content
+  filename = "${path.module}/hi.txt"
+}
diff --git a/tests/terragrunt/bar/terragrunt.hcl b/tests/terragrunt/bar/terragrunt.hcl
new file mode 100644
index 00000000..e69de29b
diff --git a/tests/terragrunt/foo/.terraform.lock.hcl b/tests/terragrunt/foo/.terraform.lock.hcl
new file mode 100644
index 00000000..b708bc06
--- /dev/null
+++ b/tests/terragrunt/foo/.terraform.lock.hcl
@@ -0,0 +1,18 @@
+# This file is maintained automatically by "tofu init".
+# Manual edits may be lost in future updates.
+
+provider "registry.opentofu.org/hashicorp/local" {
+  version = "2.6.1"
+  hashes = [
+    "h1:QH/Ay/SWVoOLgvFacjcvQcrw2WfEktZHxCcIQG0A9/w=",
+    "zh:0416d7bf0b459a995cf48f202af7b7ffa252def7d23386fc05b34f67347a22ba",
+    "zh:24743d559026b59610eb3d9fa9ec7fbeb06399c0ef01272e46fe5c313eb5c6ff",
+    "zh:2561cdfbc90090fee7f844a5cb5cbed8472ce264f5d505acb18326650a5b563f",
+    "zh:3ebc3f2dc7a099bd83e5c4c2b6918e5b56ec746766c58a31a3f5d189cb837db5",
+    "zh:490e0ce925fc3848027e10017f960e9e19e7f9c3b620524f67ce54217d1c6390",
+    "zh:bf08934295877f831f2e5f17a0b3ebb51dd608b2509077f7b22afa7722e28950",
+    "zh:c298c0f72e1485588a73768cb90163863b6c3d4c71982908c219e9b87904f376",
+    "zh:cedbaed4967818903ef378675211ed541c8243c4597304161363e828c7dc3d36",
+    "zh:edda76726d7874128cf1e182640c332c5a5e6a66a053c0aa97e2a0e4267b3b92",
+  ]
+}
diff --git a/tests/terragrunt/foo/README.md b/tests/terragrunt/foo/README.md
new file mode 100644
index 00000000..5f027b40
--- /dev/null
+++ b/tests/terragrunt/foo/README.md
@@ -0,0 +1,18 @@
+# Terragrunt Example
+
+This directory contains a simple Terragrunt configuration that creates a local file.
+
+## Usage
+
+After creating "terragrunt.hcl", run the following commands:
+
+```fish
+terragrunt plan --log-format bare
+terragrunt apply
+```
+
+For variable input, run the following:
+
+```fish
+terragrunt apply -auto-approve -var content='Hello, Terragrunt!'
+```
diff --git a/tests/terragrunt/foo/hi.txt b/tests/terragrunt/foo/hi.txt
new file mode 100755
index 00000000..c37db964
--- /dev/null
+++ b/tests/terragrunt/foo/hi.txt
@@ -0,0 +1 @@
+Hello, Terragrunt!
\ No newline at end of file
diff --git a/tests/terragrunt/foo/main.tf b/tests/terragrunt/foo/main.tf
new file mode 100644
index 00000000..e3ca9643
--- /dev/null
+++ b/tests/terragrunt/foo/main.tf
@@ -0,0 +1,6 @@
+variable "content" {}
+
+resource "local_file" "file" {
+  content  = var.content
+  filename = "${path.module}/hi.txt"
+}
diff --git a/tests/terragrunt/foo/terragrunt.hcl b/tests/terragrunt/foo/terragrunt.hcl
new file mode 100644
index 00000000..e69de29b