I've yet to set this up, so this is a more general question.
Using http-01, it is not clear to me whether, when I request a certificate, the web server used to do the validation needs to match the name in the cert.
That is, if I requested a cert for alice.some.domain.com, does the challenge need to go to http://alice.some.domain.com/.well-known/acme-challenge/
or is it only the domain part that must match?
So the request could be sent to http://bob.some.domain.com/.well-known/acme-challenge/
This is addressing the scenario where the website is managed by a third party but I, as domain owner, have to manage the certs. Thus implying the above, where the website is not directly controlled by the domain owner. Is there a best-practice way of solving this problem? In particular where the DNS-01 challenge method is not available to us.
Thanks.
My domain is: not yet ready
I ran this command: none yet
It produced this output: n/a
My web server is (include version): unsure
The operating system my web server runs on is (include version): redhat
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): not yet used.