One common deployment scenario that I encounter is where, over the course of a few months, I build out a webserver, and then later switch the DNS to the new server to make it live. Usually, as one of the pre-deployment steps, I generate an SSL certificate for the new server (or copy the SSL certificate from the original server to the new server) so when I go live, the cert will already be valid. This way, I don’t have to worry about SSL generation during or after go-live.
From the demos that I’ve seen, it looks like the Let’s Encrypt client requires that the domain be pointed at the server running the client (to verify the domain). This means that it might be difficult to support the above scenario without some period of an invalid certificate.
Is there a recommended approach to use Let’s Encrypt to establish a certificate prior to switching the DNS over to a specific server?