You do not have to pull port 80 off the ground, just use DNS.
certbot -d sub.domain.com --manual --preferred-challenges dns ... certonly ... ...
Certbot will then provide you instructions to manually update a TXT record f ... or the domain in order to proceed with the validation.
deploy a DNS TXT record under the name
To obtain a DNS-validated SSL/TLS certificate, you can perform a manual verification using Certbot's manual plugin (--manual) with the DNS challenge. This process involves:
- Running the command certbot -d yourdomain.com --manual --preferred-challenges dns certonly to initiate the verification process.
- Following the instructions provided by Certbot to update a TXT record on your domain with a specific value.
- Updating the DNS record with the correct value and pressing Enter to continue.
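
A pre-flight check for the last step above, as an added example that is not part of the original page: before pressing Enter, confirm that every authoritative nameserver of the zone already returns the TXT value Certbot printed. It assumes dig is installed; the function names and arguments are illustrative, and _acme-challenge.<domain> is the record name the ACME dns-01 challenge uses (RFC 8555).

```shell
#!/bin/sh
# Added example (not from the original page). Function names are illustrative.

# Name the dns-01 TXT record lives under: _acme-challenge.<domain>.
# A wildcard request (*.example.com) is validated at the base domain.
challenge_name() {
    printf '_acme-challenge.%s\n' "${1#\*.}"
}

# Read `dig +short TXT` output on stdin (one quoted string per line) and
# succeed only if one record equals the expected value exactly.
# `--` matters: base64url values may begin with "-".
txt_matches() {
    tr -d '"' | grep -Fxq -- "$1"
}

# Query each authoritative nameserver directly, so a stale secondary or a
# record added to the wrong zone is caught before the CA looks it up.
# usage: check_all_ns ZONE DOMAIN EXPECTED_VALUE
check_all_ns() {
    name=$(challenge_name "$2")
    seen=0
    for ns in $(dig +short NS "$1"); do
        seen=$((seen + 1))
        if dig +short TXT "$name" "@$ns" | txt_matches "$3"; then
            echo "ok   $ns"
        else
            echo "MISS $ns ($name)"
            return 1
        fi
    done
    # No NS records means ZONE was wrong; do not report success.
    [ "$seen" -gt 0 ]
}

# Run only when called with the three arguments, e.g.:
#   ./check-txt.sh domain.com sub.domain.com '<value printed by certbot>'
if [ "$#" -eq 3 ]; then
    check_all_ns "$@"
fi
```

Press Enter in the Certbot prompt only after every nameserver reports ok; a failed validation attempt counts against the CA's rate limits.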
Tips for Manual Verification
- You can minimize interactivity by using options like --text, --agree-tos, and -d with your command.
- If you want to renew your certificate, use the same command but without the --renew-by-default option.
“Guide” on using certbot with DNS challenge.