Manually modifying webroot / dns entries


#1

Hi all.

Hope this is the right place to ask this question.

We have an existing website and are evaluating moving to Let’s Encrypt for our certificates. As the site is quite used and we have a complex architecture (web servers mount a read-only webroot, it can only be modified from a backend webserver with no access to internet, reverse proxies, no internet access from webservers, etc.), is it possible to do the certificate request and the verification process manually, step by step?

I’ll try to explain better: is it possible to make the client ask me to do the required DNS modifications / put the eventual resources on our webroot?

I followed the various documents on the website but couldn’t find info on this.

Thanks in advance!


#2

Just to add on this, for me it would be fine to use the DNS verification too, actually that would be better, but even then I’m afraid to automate DNS modifications. Is it possible to have the client (or even a document) tell me what entry to add?


#3

If you set the client to manual mode, it will behave in exactly the way you’re describing. An example of how that works is shown at https://wiki.contribs.org/Letsencrypt#Generate_the_certificate_on_the_internal_server.


#4

Thank you danb35 for the reply, I actually was able to get a certificate this way.

Any hints about the DNS way?


#5

I’ve not used DNS validation, but I understand letsencrypt.sh does. See https://github.com/lukas2511/letsencrypt.sh.
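
Added example, not part of any post above and not code from the Let’s Encrypt client or letsencrypt.sh: a manual-mode client prints the file or DNS record to create, and this Python sketch shows how those values are derived under RFC 8555 (ACME) and RFC 7638, so an operator can check them before touching the webroot or the zone. The function names, the token and the account key are constructed for illustration.

```python
import base64
import hashlib
import json

# Constructed sample inputs: not a real account key or a real CA token.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "constructed-x-coordinate-not-a-real-key",
    "y": "constructed-y-coordinate-not-a-real-key",
}
SAMPLE_TOKEN = "constructedToken_0123456789-abcdefghijXYZ"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only,
    sorted by name and serialised without whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = required[jwk["kty"]]  # optional members (kid, use, ...) are ignored
    canonical = json.dumps({k: jwk[k] for k in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def manual_challenge_plan(domain: str, token: str, account_jwk: dict) -> dict:
    """Return what has to be published by hand for http-01 and dns-01."""
    # Key authorization = token "." thumbprint of the ACME account key.
    key_auth = f"{token}.{jwk_thumbprint(account_jwk)}"
    return {
        # http-01: a file under the webroot whose body is the key authorization.
        "http_path": f"/.well-known/acme-challenge/{token}",
        "http_body": key_auth,
        # dns-01: a TXT record holding the digest of the key authorization.
        "dns_name": f"_acme-challenge.{domain.rstrip('.')}.",
        "dns_type": "TXT",
        "dns_value": b64url(hashlib.sha256(key_auth.encode("ascii")).digest()),
    }


if __name__ == "__main__":
    for field, value in manual_challenge_plan(
            "www.example.com", SAMPLE_TOKEN, SAMPLE_JWK).items():
        print(f"{field:10} {value}")
```

Both values depend on the account key, so a record computed for one ACME account will not validate an order placed from another.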