As long as you can solve one of the domain ownership challenges supported by Let’s Encrypt, the certificates can be used for any kind of TLS server, independent of whether that server is the actual web server for that domain. The tricky part is just figuring out how to solve the ownership challenge - that’s very easy for web servers, but might be a bit more tricky in other cases. Here are some possible solutions:
- If your web host has some way for you to upload files (SSH/SFTP/FTP), you can use the HTTP-01 challenge. GetSSL is a great client for this purpose, as it allows you to remotely upload the challenge verification files to your web host (while GetSSL itself would run on your XMPP server).
- Another option would be to use the DNS-01 challenge type. If your DNS provider allows you to modify DNS records through some API, you can verify domain ownership by creating a TXT record. This is supported by a number of clients like lego or the bash clients, the links can be found here.
- Finally, if none of these options work for you, you can try certbot's manual plugin, which allows you to upload the challenge files manually (through your web host’s control panel or whatever). Note that this is something you’ll have to repeat manually at least once every 3 months.