As you may be aware, ServiceNow uses LetsEncrypt.org as its exclusive or primary CA for issuing certs. And from what I understand, ServiceNow manages renewal of the cert. I have a Vanity URL / CNAME record pointing to a ServiceNow instance. The ServiceNow instance is personal-dev.service-now.com. The Vanity URL / CNAME record is www.dev.example.com, which is what I need to create the SSL cert for. I have control over www.example.com, as it's a local web server. I can install and run Certbot off of this local web server. The problem is I don't know how to generate a LetsEncrypt.org signed cert for the scenario I laid out above.
ServiceNow is not listed as a LetsEncrypt hosted provider, meaning you have to upload the cert to ServiceNow. I cannot use Certbot's manual mode HTTP challenge, as I have no control over site-level folders in ServiceNow and therefore cannot create a new web folder at the ServiceNow instance webroot.
Certbot's manual mode DNS challenge may be the way to go. I'd rather not create a TXT record, as the request to add a new DNS record may take a few days or longer to be fulfilled. I was reading up on DNS verification via a CNAME record. That sounds more appealing, to be honest. Would it have to be a brand new CNAME record or can I use CNAME www.dev.example.com as verification in order to create a cert for CNAME www.dev.example.com? If yes, how?
Given the scenario above, what are my other options? Are there ACME clients which can create the cert without resorting to DNS or HTTP challenges or any DNS changes for that matter?
One other option I thought of might be to point CNAME www.dev.example.com to www.example.com. Then run Certbot off of www.example.com and create a cert for www.dev.example.com. Since it's all local, I won't need to use manual mode, correct? If that works, once I have the signed cert, I can point CNAME www.dev.example.com back to the ServiceNow instance and, finally, upload the cert and key store to said ServiceNow instance. And, again, ServiceNow manages cert renewals every 90 days.
I'm curious to hear what the potential solutions are here.
Thank you for your help in advance.
References
https://eff-certbot.readthedocs.io/en/stable/using.html#manual