Let's Encrypt does not charge for certificates. I looked at DnsMadeEasy and they definitely do charge for API access. Usually there's at least a basic free API, or some other way to automate certificates.
Do you need to use the DNS challenge? Let's Encrypt can validate over HTTP, although to get a wildcard you'll need to use the DNS challenge.
Alternatively you could manually enter the TXT record every 90 days, although I don't recommend adding any manual steps to certificates. I personally use Cloudflare DNS which does not charge for API access.
No I do not need to use them, I have just been using them for 10 years. I don't have any problems with changing I just can't believe that you need to pay for an API, $100 at that. Thank you
And I liked your pun or DNS made expensive.
A subdomain off the primary domain. Webserver: domainname.com and mail server with web login: webmail.domainname.com (multiple sub domain names with single SSL certificate) With the above I assumed I needed to get a wildcard ssl cert.. Yes?
Interesting, I was not aware of this, thank you. Based on your reply, I found this info on LE. Now I just need to get the API:
"You can combine multiple hostnames into a single certificate, up to a limit of 100 Names per Certificate. For performance and reliability reasons, it’s better to use fewer names per certificate whenever you can. A certificate with multiple names is often called a SAN certificate, or sometimes a UCC certificate."
If you know at the outset what domains you want to be included in the certificate, it’s not necessary to edit any configuration files. Instead, you can specify the domains on the command line when you first run certbot. For example, you might run something like
Why? You only need API access if you need to make automated updates to your DNS records, and you only need to do that if either (1) you need a wildcard cert (which it seems you don't), or (2) you need to get a cert for a server that isn't accessible from the Internet.
If you do need one of those things, then you'll (effectively) need API access--you could always get along with making manual updates to the DNS records whenever you get or renew a cert, but that's not the way Let's Encrypt is intended to be used. There are several ways in which you could accomplish this, including (in no particular order):
Pay the $100 to DNSMadeExpensive
Move your DNS hosting to another DNS host who's less user-hostile--Cloudflare is pretty popular (I've been entirely satisfied with their service), it's free for DNS service (with no cost for API access), and gives you plenty of bells and whistles (at additional cost) if you want or need them. But Cloudflare certainly isn't the only option out there; there are dozens of DNS hosts with API access.
Host your own limited DNS server whose only function is to serve the challenge tokens using acme-dns.
Use acme-dns' hosted service--not really how it was intended to be used, but nothing prevents you from using their service that way.
Use challenges.addr.tools much as you would acme-dns
But if the dns-01 challenge isn't necessary, why change? There might be other, non-certificate related, reasons to change away from DNSMadeExpensive (), but in this case I don't think the certificate is one.