With certbot there’s probably a plugin to do it automatically, but if you just want to get something working right now you can run the following to manually run a dns challenge against your chosen domain names and get a cert for any specified. This will expire in ~3 months and you’ll need to do it again, so I’d recommend throwing it in a cron job and finding the applicable certbot-dns-dnsprovider plugin that will make it run without your input. Once you have it working you can extract the certs from /etc/letsencrypt/live on most systems. Just be aware that the files there are going to be symlinks so you’ll want to copy them before tarballing them to move other machines.
With certbot there’s probably a plugin to do it automatically, but if you just want to get something working right now you can run the following to manually run a dns challenge against your chosen domain names and get a cert for any specified. This will expire in ~3 months and you’ll need to do it again, so I’d recommend throwing it in a cron job and finding the applicable
certbot-dns-dnsproviderplugin that will make it run without your input. Once you have it working you can extract the certs from/etc/letsencrypt/liveon most systems. Just be aware that the files there are going to be symlinks so you’ll want to copy them before tarballing them to move other machines.certbot --preferred-challenges dns --manual certonly -d *.mydomain.tld -d mydomain.tld -d *.local.mydomain.tld