I have a number of questions, having read the technical overview, about things I don’t understand.
1. The technical overview says that LE decides which mechanism to use to validate that I “own” the domain I am asking for a certificate for. However, all the user guides I’ve read for the client software imply that how I run that software chooses the validation mechanism. I am administrator for two domains where I control the software on the host, but I have to ask someone else to change the DNS if I need it doing (which has only happened when I changed the virtual machine I run these domains on). So I can easily meet the webroot requirements, but it would be quite difficult to meet
2. I am in the early phases of developing a Single Page Application which ultimately will run on the internal network of a fairly small company that at the moment uses a “companyname.local” domain internally. Does such a domain name totally preclude it being used with LE?
3. An alternative that might work (with some political difficulty) is to create some subdomains of a domain name I own. Particularly as I try things out, and especially HTTP/2, I could temporarily expose said domain names on a staging server, get past the initial validation phase and obtain the first certificate, and then redirect them to the internal (192.168.x.x) IP addresses. Once I have had a subdomain validated, can I automate certificate renewal without re-exposing these subdomain names to the outside internet again? (The technology overview seems to imply that validating that I control the domain was a one-time process, and that subsequent renewal didn’t require re-exposure, but it didn’t explain how I can then go about renewing automatically.) (Other posts suggest split DNS, and indeed that is certainly possible where I am doing this development, at home, which has a small Raspberry Pi running dnsmasq as my internal domain name server; not sure if it would work in this small company.)