When you install Certbot using the command "sudo snap install --classic certbot" with the "--classic" flag, Certbot is installed in classic mode. Classic mode means that Certbot has access to your system's files and directories outside of the Snap container, which is necessary for Certbot to be able to modify system files to configure web servers and manage SSL/TLS certificates.
By default, Snap packages are installed in a sandboxed environment that isolates them from the rest of the system. This means that they don't have access to system files or directories and can only access files and directories that have been explicitly granted to them. However, some applications like Certbot require access to system files to work properly, and that's where classic mode comes in.
When you install Certbot in classic mode, it will be able to access the files and directories it needs to do its job without any restrictions. This means that you'll be able to use Certbot to configure your web server and manage your SSL/TLS certificates without any issues.
It's worth noting that installing Certbot in classic mode does come with some security risks. Since Certbot has access to system files, if it were compromised by a malicious actor, it could potentially do significant damage to your system. However, as long as you keep your system up to date and follow security best practices, the risks should be minimal.