sudo certbot certonly –standalone -d server.internal.company.ca
to this line:
sudo certbot certonly –manual –preferred-challenges=dns –email firstname.lastname@example.org –server https://acme-v02.api.letsencrypt.org/directory –agree-tos -d *.company.ca
When –preferred-challenges=dns is used, I had to create a TXT record with my registrar, but after you doing this once for each domain it shouldn’t be necessary again. I’ll report back when I know the rest of Eric’s scripts are working.