Looking in the forum for some hints, I found that topic:
CNAME Unknown for certbot renew
This is exactly what I did: pulling out the CNAME value for the 2 affected domains from /etc/letsencrypt/acmedns.json
And this solved my problem. Great!
How could I solve that problem cleanly from the CLI?
What are the necessary commands to manage (create, delete, revoke, etc.) standalone TLS certificates?
Here are the commands I mainly use:
$ sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d \*.your-domain -d your-domain
$ sudo certbot renew
$ sudo certbot delete --cert-name example.com
$ sudo certbot revoke --cert-name example.com
$ sudo certbot certificates
Some kind of minimalistic but complete certbot guide about "How to automatically generate TLS certificates in standalone mode with certbot and acme-dns-certbot-joohoi"?
Side questions:
Q1 Is it possible to set up several certbot servers to deliver TLS certificates? (I suppose it is, if there is one CNAME RR on each domain for each certbot server)
Q2 Is using acme-dns-certbot-joohoi (i.e. using xxx.auth.acme-dns.io) 100% safe?...
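Added example, not part of the original post and not code from certbot or acme-dns-certbot-joohoi: a small Python script that lists the CNAME record each domain needs, based on /etc/letsencrypt/acmedns.json. It assumes the file maps each domain to an acme-dns account object with a `fulldomain` field. The function names and sample values are constructed. Because the same file also holds the acme-dns credentials, only record names and targets are returned.

```python
import json

# Constructed sample in the layout assumed for /etc/letsencrypt/acmedns.json:
# one acme-dns account per domain. All values are placeholders.
SAMPLE = json.loads("""
{
  "example.com": {
    "username": "00000000-0000-0000-0000-000000000000",
    "password": "placeholder-not-a-real-secret",
    "fulldomain": "aaaa1111.auth.acme-dns.io",
    "subdomain": "aaaa1111"
  },
  "*.example.org": {
    "username": "11111111-1111-1111-1111-111111111111",
    "password": "placeholder-not-a-real-secret",
    "fulldomain": "bbbb2222.auth.acme-dns.io.",
    "subdomain": "bbbb2222"
  },
  "broken.example.net": {"username": "x"}
}
""")


def expected_cnames(storage):
    """Return (records, problems): the CNAME RR each domain needs, and the
    entries that lack a usable 'fulldomain'. Credentials are never returned."""
    records, problems = [], []
    for domain, account in sorted(storage.items()):
        target = account.get("fulldomain") if isinstance(account, dict) else None
        if not target:
            problems.append(domain)
            continue
        # A wildcard and its base name share one _acme-challenge label.
        base = domain[2:] if domain.startswith("*.") else domain
        records.append((f"_acme-challenge.{base.rstrip('.')}.", target.rstrip(".") + "."))
    return records, problems


def load(path="/etc/letsencrypt/acmedns.json"):
    """Read the storage file (root-readable on a real host)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    recs, bad = expected_cnames(SAMPLE)  # swap in load() on a real host
    for name, target in recs:
        print(f"{name} IN CNAME {target}")
    print("entries without fulldomain:", bad)
```

Comparing this output with what `dig CNAME _acme-challenge.your-domain` returns shows which domains are missing their record before `certbot renew` runs.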