1. Letsencrypt/certbot/UserGuide

https://eff-certbot.readthedocs.io/en/stable/using.html

1.1. DNS plugins

If you’d like to obtain a wildcard certificate from Let’s Encrypt or run certbot on a machine other than your target webserver, you can use one of Certbot’s DNS plugins.

These plugins are not included in a default Certbot installation and must be installed separately.

They are available in many OS package managers, as Docker images, and as snaps.

Visit https://certbot.eff.org to learn the best way to use the DNS plugins on your system.

Once installed, you can find documentation on how to use each plugin at:

    certbot-dns-cloudflare
    certbot-dns-cloudxns
    certbot-dns-digitalocean
    certbot-dns-dnsimple
    certbot-dns-dnsmadeeasy
    certbot-dns-gehirn
    certbot-dns-google
    certbot-dns-linode
    certbot-dns-luadns
    certbot-dns-nsone
    certbot-dns-ovh
    certbot-dns-rfc2136
    certbot-dns-route53
    certbot-dns-sakuracloud

1.2. Renewal

Renewal with the manual plugin

Certificates created using --manual do not support automatic renewal unless combined with an authentication hook script via /--manual-auth-hook to automatically set up the required HTTP and/or TXT challenges.