Hi community, I have created a new project "siteforfive.com". It is the same as wix.com, where a user can create their own website. So when a user adds a new domain name on the platform, the user has to create a CNAME record in his DNS settings at his domain name provider, and then his domain name can successfully point to "target.siteforfive.com" easily, but the problem is that I am not able to provide the SSL certificate for the user's domain name because it is not in my control. Can someone please tell me how I can do it?
I ran this command: certbot certonly --dns-digitalocean --dns-digitalocean-credentials ~/.secret/digitalocean.ini -d siteforfive.com -d '*.siteforfive.com' -d userdomain.com -d hello.userdomain.com
Thanks for your response @_az
Actually the problem is that my platform does not control my users' nameservers. I just use a TXT record to verify their domain and a CNAME to point to my "target.siteforfive.com" domain. That is why I cannot obtain the SSL certificate for their domain name.
I wonder how Blogger does it.
By the way, if I tell my customer to add NS records on their domain name, then how will I verify their domain name? Their DNS records will be disabled by the company (GoDaddy etc.) and I will not be able to verify the TXT record.
Yes, you would not be able to perform DNS-01 authentications against their domains, as you do not control their domain DNS [nor should you ever].
But, since all HTTP requests will follow the CNAMEs and thus reach your IP, you can use HTTP-01 authentication to validate the challenge requests for their FQDN at your IP [and obtain an LE cert for them].
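The HTTP-01 exchange described in the last reply, as an added example that is not part of the thread: a sketch of what the platform's port-80 server has to return for `/.well-known/acme-challenge/<token>`, restricted to hostnames customers have registered. The class and function names, the sample key and the sample token are assumptions made for illustration; the key authorization format follows RFC 8555 and the thumbprint follows RFC 7638.

```python
import base64, hashlib, json, re

PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet only, so no "/" or "."

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    # RFC 8555: token, a dot, then the thumbprint of the ACME account key
    return f"{token}.{jwk_thumbprint(account_jwk)}"

class ChallengeResponder:
    def __init__(self, account_jwk, customer_hosts):
        self.account_jwk = account_jwk
        self.customer_hosts = {h.lower() for h in customer_hosts}
        self.pending = {}  # (host, token) -> key authorization

    def expect(self, host, token):
        host = host.lower()
        if host not in self.customer_hosts:
            raise ValueError("host is not a registered customer domain")
        if not TOKEN_RE.fullmatch(token):
            raise ValueError("token is not base64url")
        self.pending[(host, token)] = key_authorization(token, self.account_jwk)

    def handle(self, host_header, path):
        """Return (status, body) for a plain-HTTP request that followed the CNAME."""
        host = host_header.split(":")[0].strip().lower().rstrip(".")
        if not path.startswith(PREFIX):
            return 404, ""
        token = path[len(PREFIX):]
        if not TOKEN_RE.fullmatch(token):
            return 404, ""
        body = self.pending.get((host, token))
        return (200, body) if body is not None else (404, "")

# Constructed sample values, not a real account key or a real CA token
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
SAMPLE_TOKEN = "constructed_token_0123456789-abcdefghijklmn"
```

Keying the pending challenges on both host and token means a request arriving under a hostname no customer registered gets a 404 even if it carries a valid token.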