I use DNS verification for this; then the server doesn't even need to be exposed to the internet.

And if changing the DNS entry is problematic, for example the DNS provider used doesn't have an API, you can redirect the challenge to another (sub)domain which can be hosted by a provider that has an API.

I've done this and it works very well. I had a Digital Ocean droplet so used their DNS service for the challenge domain.

https://letsencrypt.org/docs/challenge-types/#dns-01-challen...
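The CNAME delegation described above, worked through as an added example (not code from the post, from Let's Encrypt, or from any ACME client). It shows the two pieces a practitioner has to get right: the TXT value the CA expects, which RFC 8555 §8.4 defines as base64url(SHA-256(token "." thumbprint)) with the account key thumbprint computed per RFC 7638, and the fact that the CA queries `_acme-challenge.<domain>` and follows CNAMEs, so the TXT record is written into whichever zone the chain ends in. The zone map, the account key and the `publish_txt` stand-in for the DNS provider's API are all constructed placeholders for this example, and the function names are mine, not any library's.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """base64url without padding, as ACME and JWS require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required members, sorted, no whitespace.
    Extra members such as "kid" or "alg" are deliberately ignored."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    try:
        members = required[jwk["kty"]]
    except KeyError as exc:
        raise ValueError("unsupported or missing key type for thumbprint") from exc
    canonical = json.dumps({k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """TXT record content for dns-01 (RFC 8555 §8.4): base64url(SHA-256(key authorization))."""
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())


def challenge_record_name(domain: str) -> str:
    """The name the CA queries; a wildcard is validated at its base name."""
    base = domain[2:] if domain.startswith("*.") else domain
    return "_acme-challenge." + base.lower().rstrip(".") + "."


def resolve_txt_target(name: str, zone: dict, max_hops: int = 8) -> str:
    """Follow CNAMEs in the zone map and return the name that must hold the TXT record.
    Bounded so a misconfigured loop fails loudly instead of hanging."""
    seen = set()
    while name in zone and zone[name][0] == "CNAME":
        if name in seen or len(seen) >= max_hops:
            raise ValueError(f"CNAME loop or chain longer than {max_hops} at {name}")
        seen.add(name)
        name = zone[name][1]
    return name


def plan_dns01(domain: str, token: str, account_jwk: dict, zone: dict):
    """Return (record name to write, TXT value): the name is the end of the CNAME chain,
    i.e. the delegated zone the API-capable provider hosts."""
    return resolve_txt_target(challenge_record_name(domain), zone), dns01_txt_value(token, account_jwk)


def publish_txt(zone: dict, name: str, value: str) -> None:
    """Stand-in for the provider API call (hypothetical; a real client would call the API here)."""
    zone[name] = ("TXT", value)


def ca_lookup_txt(zone: dict, name: str) -> list:
    """What the CA's resolver does: query the name, follow CNAMEs, collect TXT values."""
    rr = zone.get(resolve_txt_target(name, zone))
    return [rr[1]] if rr and rr[0] == "TXT" else []


# Constructed zone data: example.com sits at a provider with no API, so its
# _acme-challenge name is a CNAME into a zone that does have one. The loop entry
# exists only to exercise the guard in resolve_txt_target.
CONSTRUCTED_ZONE = {
    "_acme-challenge.example.com.": ("CNAME", "_acme-challenge.acme.example.net."),
    "_acme-challenge.loop.example.": ("CNAME", "_acme-challenge.loop.example."),
}

# Constructed placeholder account key: not a real or valid RSA key, just members
# to feed the thumbprint calculation.
CONSTRUCTED_ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "AQIDBAUGBwgJCgsMDQ4PEA", "kid": "acct-1"}


if __name__ == "__main__":
    zone = dict(CONSTRUCTED_ZONE)
    name, value = plan_dns01("*.example.com", "constructed-token", CONSTRUCTED_ACCOUNT_JWK, zone)
    publish_txt(zone, name, value)  # written via the delegated zone's provider API
    print(f"write TXT at {name} = {value}")
    print("CA sees:", ca_lookup_txt(zone, "_acme-challenge.example.com."))
```

Two things the run makes visible: the record is written at the `example.net` name, never at `example.com`, and the wildcard and the base name validate at the same `_acme-challenge` label, so one delegated TXT name serves both once the provider allows multiple TXT values there.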

I use dns01 in my homelab with step-ca. Works like a charm, and it's my private certificate authority.