Jul 21, 2008
South Africa
Hi, I've got a web app that I want to white label. In order to provide a white label solution, I will require a SAN (Subject Alternate Name) SSL certifcate, of which the list of SAN's can be updated programmatically & dynamically.

1. My app domain is
2. User wants his account to work from, so he creates a CNAME or A record that points to
3. My server now needs to provide a SSL certificate for, but my server is not owner of that domain, so the only way to achieve this is with a SAN certificate, or some sort of DNS validation for let's encrypt.

I've looked around on the web, and certbot seem to support such functionality. I don't want to install certbot on my live server and possibly cause downtime.

Can anybody provide me with some insights into how to achieve this?

Your help is greatly appreciated!