Hey there. I'm well familiar with SSL and have been using Let's Encrypt for months, but I have an interesting problem that none of the FAQs seem to cover. I've been running Apache since the SSL support required a commercial product, and my day job involves DNS. This is purely an implementation question, not a help request.
Often, I will set up a site for someone, with a temporary domain name (like username.myhostingco.com) that they can use to test and stage files, and then move their DNS over when they're done. Apache has their domain names (foo.com and www.foo.com) ready to go as ServerAliases. But, until I have some cert to put in place, I can't configure HTTPS support. Let's Encrypt gives me sort of a chicken-and-egg problem. Apache won't start without a cert configured. (I could certainly point it at a self-signed cert to get it to start up; that's not the question.)
Obviously, for certbot to work, DNS needs to be pointed at my server so I can answer the proper challenges. There's no way around this.
What I don't understand is the failure mode if I configure foo.my.com, with foo.com and www.foo.com as aliases. Will I still get a cert, but simply not with the other names attached -- or will the challenge just fail outright?
The client I'm using is Dehydrated. I could certainly switch to something else if this is an advanced feature.