Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: pilot.surepointag.com
I want to offload the certificate in AWS ALB and I also want to make sure auto-renewal of the certificate takes place. I found that when running certbot with the domain to process a cert, it validates the domain and the A record. But my domain (in GoDaddy) has a CNAME record created to the AWS ALB DNS. I want to know: is there any way we can create a certificate for a domain which has a CNAME to the ALB DNS? Does anyone have a solution for that? Please suggest.
The DNS Challenge described by @Bruce5051 might be possible. But it looks like your DNS is by GoDaddy, and they have some restrictions on which accounts can use their API to dynamically update DNS records.
The HTTP Challenge is possible if you can modify the nginx server behind ALB.
An HTTP Challenge works by sending an HTTP request of this format to the domain you want the cert for. The Let's Encrypt server sends it to the IP in the public DNS, so it goes to your ALB first.
Sending such a request to your domain today results in a never-ending sequence of redirects. The ALB is doing the redirect from HTTP to HTTPS. That's fine. So, you have to make sure your nginx server handles this challenge when ALB sends it to your nginx.
Note this redirect "loop" affects a wide variety of requests to your domain right now. Even ones to your "home" page. So, you should probably fix that anyway.
Sample series

```
# ALB redirects HTTP to HTTPS (and explicit port 443)
curl -i http://pilot.surepointag.com
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Location: https://pilot.surepointag.com:443/

# Follow that and an nginx replies with a redirect without explicit port
curl -i https://pilot.surepointag.com:443/
HTTP/2 301
location: https://pilot.surepointag.com/
server: nginx

# Following that redirect has nginx redirecting to the same location
# This repeats "forever" (loops)
curl -i https://pilot.surepointag.com/
HTTP/2 301
location: https://pilot.surepointag.com/
server: nginx
```
Usually, the easiest way to load a certificate into AWS ALB is to use AWS's own built-in certificates (at no additional cost); once you have the CNAME set up to delegate to them, they'll handle renewing automatically as well.
You can use Let's Encrypt certificates and script loading them into ALB if you really want to, but I think you'd want a good reason before doing so.
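
The redirect series quoted in the HTTP Challenge reply can be checked mechanically before requesting a certificate. The following is an added example, not code from any poster in this thread: it replays the thread's three responses through a redirect tracer and flags the loop, then shows a constructed "fixed" case in which nginx answers the challenge path with 200. The function names, the `EXAMPLE-TOKEN` value, the 200 response, and the hop limit of 10 are assumptions made for the example.

```python
from urllib.parse import urlsplit, urlunsplit, urljoin

REDIRECTS = (301, 302, 303, 307, 308)

def normalize(url):
    """Lowercase scheme/host and treat an empty path as "/" (port kept as written)."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

def trace_redirects(start_url, fetch, max_hops=10):
    """Follow redirects using fetch(url) -> (status, location or None).

    Returns (verdict, hops); verdict is "ok", "loop", "too_many" or "error".
    max_hops=10 is an assumed cap for this example.
    """
    seen, hops, url = set(), [], start_url
    for _ in range(max_hops + 1):
        key = normalize(url)
        if key in seen:                      # same URL requested twice: a loop
            return "loop", hops
        seen.add(key)
        status, location = fetch(url)
        hops.append((key, status, location))
        if status in REDIRECTS and location:
            url = urljoin(url, location)     # resolves relative Location values too
            continue
        return ("ok" if status == 200 else "error"), hops
    return "too_many", hops

def replay(table):
    """Offline stand-in for an HTTP client: answers from a dict of canned responses."""
    return lambda url: table.get(normalize(url), (404, None))

# The three responses shown in the thread's curl output.
THREAD_TRACE = {
    "http://pilot.surepointag.com/": (301, "https://pilot.surepointag.com:443/"),
    "https://pilot.surepointag.com:443/": (301, "https://pilot.surepointag.com/"),
    "https://pilot.surepointag.com/": (301, "https://pilot.surepointag.com/"),
}

# Constructed target state: ALB still redirects, nginx serves the challenge file.
CHALLENGE = "/.well-known/acme-challenge/EXAMPLE-TOKEN"   # token is a placeholder
FIXED = {
    "http://pilot.surepointag.com" + CHALLENGE:
        (301, "https://pilot.surepointag.com:443" + CHALLENGE),
    "https://pilot.surepointag.com:443" + CHALLENGE: (200, None),
}

if __name__ == "__main__":
    for name, start, table in (
        ("thread trace", "http://pilot.surepointag.com", THREAD_TRACE),
        ("fixed (constructed)", "http://pilot.surepointag.com" + CHALLENGE, FIXED),
    ):
        verdict, hops = trace_redirects(start, replay(table))
        print(f"{name}: {verdict} after {len(hops)} request(s)")
```

To run it against a live host, pass a `fetch` function that performs one request without following redirects and returns the status and `Location` header.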