There are several topics on this subject - too many to actually wade through. Many are 2-3 years old as well, so are basically obsolete, I think, as they often start out with "… when dns-01 challenges become available…", which, I believe, are available now, no?
From what I have been able to gather about dns-01 challenges, I will need to place a TXT record in DNS for each domain. I am going to assume that any server which I am running certbot on will renew the cert on that server if the dns-01 challenge is correct. Do I assume correctly?
Will this txt record be valid for one time use only? Will I have to change it for each server to obtain/renew a cert?
So, I guess what I am asking for is knowledge of the best way to proceed. To clarify, my A records look like:
;; QUESTION SECTION:
;example.com. IN A

;; ANSWER SECTION:
example.com. 300 IN A 198.51.100.42
example.com. 300 IN A 203.0.113.13
example.com. 300 IN A 192.0.2.37
(NOTE: I stole the above from someone else’s old post.)
… in a perfect world I would like each of the 3 servers to install and renew its own cert for each domain in question. Doable? If not, what is the recommended path to take?