I updated the text above, read a bit more into it.
Yeah your plan will work, at least with Lighttpd. For the other webservers we use the Certbot internal installer method (via Nginx and Apache plugin), so creating certs manually and running dietpi-letsencrypt afterwards will not install those certs to the webservers.
So it makes sense that we integrate it partly:
- Using the dietpi-letsencrypt mask to enter info.
- Allow to choose DNS challenge for wildcard certs and subdomains which do not resolve to the local webserver.
- In case of DNS challenge selected, show an additional input field to add those additional domains. It makes sense to have a "main" domain field separately, which is used to give the webserver a server name.
- In case of DNS challenge then inform the user to follow Certbot instructions and update the DNS record manually before continuing.
In case of Nginx and Apache, Certbot as well allows to separate authentication and install methods, so we can stay with Apache/Nginx automated cert+key+SSL config install and use DNS challenge for authentication only.
Hmm, acme.sh has a very large amount of DNS APIs included:
https://github.com/Neilpang/acme.sh/tree/master/dnsapi
This would be much easier to implement natively, since we can simply scrape the directory and list the files. Their names should allow users to select the correct one for their provider, otherwise select manual. Certbot plugins are much less available and we would need to call APT to scan for available plugins... and as far as I could see, the required option to call the plugin + required input fields are not consistent as well.
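
A sketch of the split between authentication and install methods discussed in the comment above, as an added example that is not part of the original comment or of dietpi-letsencrypt. The function name `build_certbot_cmd`, its argument order and the `WEBROOT` default are assumptions; it builds the Certbot command line for the main domain plus additional domains and refuses wildcard names unless the DNS challenge is selected.

```shell
#!/bin/sh
# Hypothetical helper (not DietPi code):
#   build_certbot_cmd WEBSERVER CHALLENGE MAIN_DOMAIN [EXTRA_DOMAIN...]
# Prints the command for display; quote "*" names before running it.
build_certbot_cmd() {
    [ $# -ge 3 ] || { echo "usage: webserver challenge main [extra...]" >&2; return 1; }
    bc_web=$1 bc_chal=$2 bc_main=$3
    shift 3

    # Wildcard names can only be validated with the DNS-01 challenge.
    for bc_d in "$bc_main" "$@"; do
        case $bc_d in
            \*.*) if [ "$bc_chal" != dns ]; then
                      echo "wildcard $bc_d requires the DNS challenge" >&2
                      return 1
                  fi ;;
        esac
    done

    # Apache/Nginx keep the Certbot installer plugin; Lighttpd has none,
    # so only the certificate is obtained there.
    case $bc_web in
        apache|nginx) bc_sub=run      bc_inst=" -i $bc_web" ;;
        lighttpd)     bc_sub=certonly bc_inst= ;;
        *) echo "unknown webserver: $bc_web" >&2; return 1 ;;
    esac

    # Authenticator is chosen independently of the installer.
    case $bc_chal in
        dns)  bc_auth='-a manual --preferred-challenges dns' ;;
        http) if [ "$bc_sub" = run ]; then bc_auth="-a $bc_web"
              else bc_auth="-a webroot -w ${WEBROOT:-/var/www}"  # assumed path
              fi ;;
        *) echo "unknown challenge: $bc_chal" >&2; return 1 ;;
    esac

    # The main domain goes first: Certbot names the certificate after it.
    bc_cmd="certbot $bc_sub $bc_auth$bc_inst"
    for bc_d in "$bc_main" "$@"; do
        bc_cmd="$bc_cmd -d $bc_d"
    done
    printf '%s\n' "$bc_cmd"
}

# Constructed sample input: Nginx, DNS challenge, one wildcard name.
build_certbot_cmd nginx dns example.org '*.example.org'
```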