You can request it with --manual, like
certbot certonly --manual -d '*.mydomain.com'
or if you want to include the apex domain mydomain.com too (which would not be covered by *.mydomain.com because it only has one .),
certbot certonly --manual -d '*.mydomain.com' -d mydomain.com
Certbot will tell you the DNS TXT records to create to satisfy the challenges, and ask you to press Enter to continue when ready.
This is not great because this can only be renewed by re-running the same command. (The automated renewal command certbot renew will give a note that a certificate obtained with --manual can't be renewed with certbot renew, because the renewal requires human intervention.) You will have a nicer experience if your DNS provider lets you make DNS updates from software via an API, and you can find Certbot integration for that API.
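An added example, not part of the original post: a small shell sketch of which TXT records the two -d names above map to, and why the wildcard does not cover the apex. The function names (challenge_record, covers, txt_plan) are hypothetical helpers, and the domain names are the constructed samples from the commands above.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample names are constructed.
# Input names are assumed to be lowercase.

# Print the TXT record name the DNS challenge uses for one -d value.
# The "*." prefix is dropped, so '*.mydomain.com' and 'mydomain.com'
# are both validated at _acme-challenge.mydomain.com.
challenge_record() {
    name=${1#\*.}
    printf '_acme-challenge.%s\n' "$name"
}

# Return 0 if certificate name $1 covers hostname $2.
# The '*' stands for exactly one leftmost label, nothing more and nothing less.
covers() {
    cert=$1 host=$2
    case $cert in
        \*.*)
            base=${cert#\*.}
            label=${host%".$base"}
            # host must end in ".$base" with one non-empty, dot-free label before it
            [ "$host" != "$label" ] && [ -n "$label" ] &&
                case $label in *.*) false ;; *) true ;; esac
            ;;
        *) [ "$cert" = "$host" ] ;;
    esac
}

# For a list of -d values, print each TXT record name followed by the number
# of values that must be published under it at the same time.
txt_plan() {
    for d in "$@"; do challenge_record "$d"; done | sort | uniq -c |
        awk '{ print $2, $1 }'
}

# Demo with the names from the second command above.
txt_plan '*.mydomain.com' mydomain.com
for h in www.mydomain.com mydomain.com a.b.mydomain.com; do
    if covers '*.mydomain.com' "$h"; then
        echo "$h: covered by *.mydomain.com"
    else
        echo "$h: NOT covered by *.mydomain.com"
    fi
done
```

When both names are requested, the two TXT values have to exist under the same record name at once, so add the second value rather than overwriting the first before pressing Enter.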