Cert for smtp-only system

how do i get a cert for a mail server that does not have a web server? i just spent half an hour searching the net of a thousand lies to no avail.

You can use the standalone mode to run a temporary web server, or use a client that supports the dns-01 challenge.

i normally use acme_tiny.py because i will not run 100kg of code with root privs. got a client that does the fake.temp server without root? e.g. using dns to prove control?

You can’t do a temp server without root as it needs ports <1024.

For the DNS challenges you can use letsencrypt.sh with an appropriate hook.
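A sketch of such a hook, as an added example that is not part of the original thread or the letsencrypt.sh project: it publishes the dns-01 TXT record with `nsupdate` and a TSIG key, so neither root nor a listening port is needed. The DNS server name, key path and TTL are assumed placeholder values, and the argument order follows the letsencrypt.sh hook convention (handler, domain, token filename, token value).

```shell
#!/bin/sh
# Added example: dns-01 hook for letsencrypt.sh using nsupdate (RFC 2136).
# Assumed values, not from the thread: DNS server, TSIG key path, TTL.
NS_SERVER="${NS_SERVER:-ns1.example.net}"
TSIG_KEY="${TSIG_KEY:-/etc/acme/tsig.key}"
TTL="${TTL:-60}"

# Accept only plain hostnames so nothing else reaches the nsupdate batch.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*..*|-*) return 1 ;;
    esac
    return 0
}

# The TXT value is base64url text; reject anything outside that alphabet.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Print the nsupdate batch that adds or deletes the challenge record.
build_update() {
    action="$1"; domain="$2"; value="$3"
    valid_name "$domain" || { echo "bad domain" >&2; return 1; }
    valid_token "$value" || { echo "bad token value" >&2; return 1; }
    printf 'server %s\n' "$NS_SERVER"
    if [ "$action" = add ]; then
        printf 'update add _acme-challenge.%s. %s IN TXT "%s"\n' "$domain" "$TTL" "$value"
    else
        printf 'update delete _acme-challenge.%s. TXT "%s"\n' "$domain" "$value"
    fi
    printf 'send\n'
}

# Build the batch first; only call nsupdate if validation passed.
apply_update() {
    batch=$(build_update "$1" "$2" "$3") || return 1
    printf '%s\n' "$batch" | nsupdate -k "$TSIG_KEY"
}

# Hook entry point: <handler> <domain> <token-filename> <token-value>
case "${1:-}" in
    deploy_challenge) apply_update add    "$2" "$4" ;;
    clean_challenge)  apply_update delete "$2" "$4" ;;
    deploy_cert)      echo "new chain for $2: $5 (reload the MTA here)" ;;
esac
```

Restricting the TSIG key on the DNS server to updates of the `_acme-challenge` TXT name limits what a stolen key can change.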