Hello,
My question is kinda similar to this one: Certificate for just a subdomain
Let’s say that example.com is running on server A without HTTPS. The guys running the site have hired me to build sub.example.com which I host on server B. They don’t give me access to server A. They just point the records in server A for sub.example.com to server B’s IP address.
Can I still use Let’s Encrypt?
Yes, you only need to demonstrate control / ownership of sub.example.com to obtain a certificate for that subdomain.
It’s good news, then.
Now I’d like to know how exactly I’d demonstrate such control.
DNS-01 validation uses a TXT record for _acme-challenge.sub.example.com..
HTTP-01 validation uses a file in http://sub.example.com/.well-known/acme-challenge/.
TLS-SNI-01 validation connects to https://sub.example.com/ with a weird SNI hostname for a special certificate.
So, HTTP-01 and TLS-SNI-01 just require the ability to run a web server, and DNS-01 requires control over one record.
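
The values an operator of sub.example.com publishes for HTTP-01 and DNS-01, computed as RFC 8555 and RFC 7638 define them (an added example, not part of the original thread). The account key, token and function names are constructed for illustration; in a real order the CA issues a separate token for each challenge.

```python
import base64
import hashlib
import json
import string

# RFC 7638: only these members, per key type, go into the thumbprint input.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "OKP": ("crv", "kty", "x")}
B64URL_CHARS = set(string.ascii_letters + string.digits + "-_")

# Constructed sample values, not a real account key or a real CA token.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "constructed_x_not_a_real_key", "y": "constructed_y_not_a_real_key"}
SAMPLE_TOKEN = "constructed-token_0123456789"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint (RFC 7638) of the ACME account public key."""
    members = REQUIRED.get(jwk.get("kty"))
    if members is None:
        raise ValueError("unsupported key type: %r" % jwk.get("kty"))
    missing = [m for m in members if m not in jwk]
    if missing:
        raise ValueError("JWK is missing members: %s" % ", ".join(missing))
    # Canonical form: required members only, sorted, no whitespace.
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def challenge_responses(domain: str, token: str, jwk: dict) -> dict:
    """Return what to serve over HTTP and what to put in the TXT record."""
    # The token becomes a file name under .well-known, so refuse anything
    # outside the base64url alphabet (blocks "../" style path tricks).
    if not token or set(token) - B64URL_CHARS:
        raise ValueError("token must contain base64url characters only")
    key_auth = token + "." + jwk_thumbprint(jwk)
    return {
        "http01_url": "http://%s/.well-known/acme-challenge/%s" % (domain, token),
        "http01_body": key_auth,  # file content: the key authorization itself
        "dns01_name": "_acme-challenge.%s." % domain,
        "dns01_txt": b64url(hashlib.sha256(key_auth.encode("ascii")).digest()),
    }


if __name__ == "__main__":
    for field, value in challenge_responses("sub.example.com", SAMPLE_TOKEN, SAMPLE_JWK).items():
        print(field, "=", value)
```

Neither response requires access to server A or the parent zone beyond the single delegated record, which matches the setup described in the question.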