Install the latest certbot for your system.
Debian:
sudo apt-get install certbot
Windows:
Download and install the latest certbot application and run CMD or Powershell as administratorhttps://certbot.eff.org/lets-encrypt/windows-other Broken 2022
https://certbot.eff.org/instructions?ws=other&os=windows New Link 2022
In your terminal or cmd window:
certbot -d mydomain.com,www.mydomain.com,othersub.mydomain.com --manual certonly
Then follow the prompts and answer yes to IP logging.
By default certbot will validate the domain against an HTTP challenge.
The http challenge will ask you to place 'Keys' in a file with a specific name and specific content in the /.well-known/acme-challenge/ directory directly in the top-level directory (“web root”) containing the files served by your webserver, for the domain you're specifying.
You'll know what file name and key content is required from the terminal/cmd prompts.
If you want to use the DNS challenge, simply specify in the certbot command:
certbot -d mydomain.com,www.mydomain.com,othersub.mydomain.com --manual --preferred-challenges dns certonly
If you want to use a CSR generated by your server, specify this instead of domain in the commandr:
certbot --csr my_csr.csr --manual --preferred-challenges dns certonly
More information can be found here
https://certbot.eff.org/docs/using.html#manual