Hi - my host says that they can only allow LE Certs on domains they host due to restrictions from LE themselves. I’ve never encountered this before across a fair amount of hosting providers and wanted to confirm that this is indeed a fact. I appreciate that I can generate certificates myself - but the auto-renewal function of a hosted solution is far preferable.
I don’t want to disclose the host or the domain here for security reasons, but to be clear - every hosting platform I’ve ever used allows installation of a Let’s Encrypt certificate to a hosting account with no restrictions. This particular host however insists that we can only have this feature if the domain itself is hosted by them also. All I am trying to ascertain is, is this a genuine restriction - perhaps at higher levels of security, or is the host feeding misinformation?
That’s only partly true for the dns-01 challenge. In that case the hoster needs access to the DNS zone, which for practical reasons might restrict the hoster to “self hosted domains only”.
Fortunately, Let’s Encrypt has other challenge types, such as the http-01 challenge! In that case, the hostnames only have to resolve to an IP address of the server of your hosting provider. No DNS access is required.
I would conclude from this analysis that the hosting provider might be referring to a genuine limitation of its own software, rather than a deliberate policy on its part. Still, since that’s not a restriction coming directly from Let’s Encrypt, it’s not something that would apply to every hosting provider.