Can I use Let's Encrypt if I only possess one subdomain?


#1

Hello,
My question is kinda similar to this one: Certificate for just a subdomain

Let’s say that example.com is running on server A without HTTPS. The guys running the site has hired me to build sub.example.com which I host on server B. They don’t give me access to server A. They just point the records in server A for sub.example.com to server B’s IP address.

Can I still use Let’s Encrypt?


#2

Yes, you only need to demonstrate control / ownership of sub.example.com to obtain a certificate for that subdomain.


#3

It’s good news, then.

Now I’d like to know how exactly I’d demonstrate such control.


#4

DNS-01 validation uses a TXT record for _acme-challenge.sub.example.com..

HTTP-01 validation uses a file in http://sub.example.com/.well-known/acme-challenge/.

TLS-SNI-01 validation connects to https://sub.example.com/ with a weird SNI hostname for a special certificate.

So, HTTP-01 and TLS-SNI-01 just require the ability to run a web server, and DNS-01 requires control over one record.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.