Hi all, please point me to how to create an SSL certificate to use only on a mail server (no web server present).
The DNS is hosted on Cloudflare; the Certbot DNS request returned the “shielded” IP address, not the real one.
Please help with your advice.
My operating system is (include version): Debian 8 x64
My web server is (include version): NO WEB SERVER
My hosting provider, if applicable, is: VPS
I can login to a root shell on my machine (yes or no, or I don’t know): YES
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO PANEL
The easiest way currently is probably to use one of the alternate clients. The Bash and Go clients support obtaining a certificate via Cloudflare DNS. The scripting module for certbot isn’t 100% there yet, I don’t think.
The DNS request shouldn’t need the IP address if you are using the DNS challenge, so would need more information on your domain name, and the exact command you ran to debug that.
If you’re running a publicly accessible mail server, Cloudflare can’t be proxying it. They don’t support proxying mail. It has to be a gray cloud hostname.
In that case, you can also use certbot in standalone mode with (its default) TLS-SNI validation. Though there’s nothing wrong with using another client with DNS validation.