I can’t figure out, how to renew my certificates for my subdomain (dyndns) which has a different ip than the a-record for my domain. For example:
Domain at my hoster: test.tld ip 126.96.36.199
Subdomain via dyndns: asdf.test.tld, ip 188.8.131.52
The subdomain has an Nextcloud installation, and a reachable port 80 (and 443) on asdf.test.tld or via ip 184.108.40.206.
When I try to renew my outdated certs (the initial cert had been issued when the test.tld ip pointed to my local dyndns machine) i receive the following failure:
Domain: asdf.test.tld Type: unauthorized Detail: Invalid response from http://asdf.test.tld/.well-known/acme-challenge/J7mynGad-1qFxtmHk6
[220.127.116.11]: “\n\n400 Bad
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
On a different way:
DNS lookup failed with dig. The external IP (18.104.22.168) address of this server is not the same as the A-record (22.214.171.124). │
│ Please check your DNS settings! Maybe the domain isn’t propagated?
How can I tell certbot to ignore the a-record for the domain, and to use only the sub domain ip?