certbot

DNS certificate

mkdir tmp
DOMAIN='domain.tld'
certbot \
--config-dir tmp \
--logs-dir tmp \
--work-dir tmp \
certonly \
--agree-tos \
--manual \
--no-eff-email \
--preferred-challenges dns \
--csr tls.csr \
--email acme@${DOMAIN} \
--domains ${DOMAIN},*.${DOMAIN}