Hosting a website for a customer, let's say server1.acme.com, and they want me to include the domain name in the certificate, in this case acme.com. I don't know how to do this. I tried adding an aliasdomain and it let me add it, and the domain shows up in /etc/apache2/acme.com.vhost as a ServerAlias, but when I go to remove / reissue the letsencrypt certificate will it fail, since it does a verification of the DNS and acme.com will not be my IP range? Looking in the Letsencrypt docs, it's the -expand feature I would use to add an alternate name for just the domain name?
There needs to be an A or AAAA record for acme.com pointing to the server hosting that website. Unless the server can be reached using that resolved domain name, letsencrypt cannot validate it and issue a certificate.
Not sure that will work... letsencrypt connects to the webserver to validate. Adding another IP as an alternate A record will likely cause problems. I assume they're using it for another website somewhere else. If you add another IP in DNS, they will all get returned in a DNS lookup, but you don't know what IP the PC doing the lookup will use to connect to the target server. Someone trying to actually get to the acme.com site will get taken to your webserver, and letsencrypt, trying to validate the domain on your webserver, may try connecting to one of the other, already existing IPs.
I just emailed with the owner of the domain and their tech said they should just point the actual A record to our IP as the only A record. We host their corporate website and right now they are doing a redirect internally at their firewall to point to our web server. If they point the single A record of acme.com to our IP and I set up an aliasdomain for their domain acme.com or www.acme.com pointing to their website on our server, it should resolve correctly.
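An added example, not part of any post in this thread: a pre-flight check that resolves every name going into the certificate and flags any A/AAAA record that does not point at the hosting server, which is the split-record situation described in the replies above. The function names, the server address 203.0.113.10 and the sample DNS table are assumptions constructed for illustration.

```python
import ipaddress
import socket


def resolve_all(name):
    """Return every A/AAAA address the local resolver gives for name.
    The CA resolves from its own vantage point, so cached or split-horizon
    answers seen here can differ from what the validator sees."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(info[4][0]) for info in infos}


def preflight(names, server_ips, resolver=resolve_all):
    """Map each name to (status, stray_addresses).
    ok        every resolved address belongs to this server
    split     some addresses are ours, some are not (validation may hit either)
    foreign   the name resolves only to other hosts
    no-record no A/AAAA record was returned"""
    ours = {ipaddress.ip_address(ip) for ip in server_ips}
    report = {}
    for name in names:
        addrs = resolver(name)
        if not addrs:
            report[name] = ("no-record", [])
        elif addrs <= ours:
            report[name] = ("ok", [])
        else:
            stray = sorted(str(a) for a in addrs - ours)
            report[name] = ("split" if addrs & ours else "foreign", stray)
    return report


def safe_to_request(report):
    """True only when every name resolves exclusively to this server."""
    return all(status == "ok" for status, _ in report.values())


# Constructed sample data (documentation address ranges, not real DNS answers).
SAMPLE_DNS = {
    "server1.acme.com": {"203.0.113.10"},
    "acme.com": {"203.0.113.10", "198.51.100.7"},  # old record left in place
    "www.acme.com": {"198.51.100.7"},
}


def sample_resolver(name):
    return {ipaddress.ip_address(a) for a in SAMPLE_DNS.get(name, ())}


if __name__ == "__main__":
    result = preflight(SAMPLE_DNS, ["203.0.113.10"], sample_resolver)
    for name, (status, stray) in result.items():
        print(f"{name:20} {status:9} {', '.join(stray)}")
    print("request certificate:", safe_to_request(result))
```

Calling `preflight` without the `resolver` argument uses live DNS; any status other than `ok` means the name should stay out of the certificate request until the records are corrected.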