Since my DNS (Infoblox) is not in the supported list, I have created my own Python wrapper, which works perfectly (even for multidomain and wildcard) and does the following:
- dry-runs certbot once as follows:
  certbot certonly -c /etc/letsencrypt/cli.ini -d host1.domain -d host2.domain --dry-run </dev/null
  </dev/null, which causes a script interruption. Without this trick, the token changes.
- upload the DNS challenge on Infoblox
- run certbot again, without dry-run and without </dev/null at the end.
- delete the challenges from Infoblox
Right now it works like a charm, but it’s a hacky solution (and since I have seen that you keep changing your tool, this approach is not officially supported and may stop working in the future).
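
Certbot's manual plugin can run a script for the upload and delete steps, passing the challenge in the `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` environment variables (`--manual-auth-hook` / `--manual-cleanup-hook`). The following is an added example, not the poster's wrapper: a hook skeleton in which `MemoryDns`, `record_name` and `run_hook` are hypothetical names and `MemoryDns` is a constructed stand-in for the Infoblox API, covering the multidomain and wildcard case where two tokens share one `_acme-challenge` name.

```python
#!/usr/bin/env python3
"""DNS-01 hook sketch for certbot's manual plugin (added example).

certbot certonly --manual --preferred-challenges dns \
    --manual-auth-hook "hook.py auth" --manual-cleanup-hook "hook.py cleanup" ...
"""
import os
import sys

class MemoryDns:
    """Constructed stand-in for the DNS API; replace with real Infoblox calls."""
    def __init__(self):
        self.txt = {}  # record name -> set of TXT values

    def add_txt(self, name, value):
        self.txt.setdefault(name, set()).add(value)

    def del_txt(self, name, value):
        values = self.txt.get(name, set())
        values.discard(value)  # remove only our token, keep sibling challenges
        if not values:
            self.txt.pop(name, None)

def record_name(domain):
    """example.com and *.example.com are both validated at the same TXT name."""
    if domain.startswith("*."):  # defensive: strip a wildcard label if present
        domain = domain[2:]
    return "_acme-challenge." + domain.rstrip(".").lower()

def run_hook(action, env, dns):
    """Handle one hook invocation; certbot invokes the hook once per challenge."""
    name = record_name(env["CERTBOT_DOMAIN"])
    token = env["CERTBOT_VALIDATION"]
    if action == "auth":
        dns.add_txt(name, token)
    elif action == "cleanup":
        dns.del_txt(name, token)
    else:
        raise ValueError("action must be 'auth' or 'cleanup'")
    return name

if __name__ == "__main__":
    if "CERTBOT_DOMAIN" in os.environ and len(sys.argv) > 1:
        print(run_hook(sys.argv[1], os.environ, MemoryDns()))
    else:  # constructed demo values, run outside certbot
        demo = MemoryDns()
        for tok in ("constructed-token-A", "constructed-token-B"):
            run_hook("auth", {"CERTBOT_DOMAIN": "example.com",
                              "CERTBOT_VALIDATION": tok}, demo)
        print(demo.txt)
```

Because the base name and its wildcard resolve to the same record, the cleanup step has to delete by value rather than by name, otherwise it removes a token certbot has not validated yet.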