I’m trying to enroll a CSR I created using OpenSSL for a subdomain I own using the “certonly” and “–csr” options. I was able to enroll for a certificate using this method for the parent domain without any issues but I’m having difficulty doing it for my subdomain (the CN and SAN are set to my subdomain). I have my DNS configured with A records for my parent and subdomain that resolve to the host where I’m running the Let’s Encrypt client.
Is there an additional option I need to specify to the client or something else?