LetsEncrypt: DNS Verification

I have an environment where I needed to secure WP sites as much as possible. I modified Trellis to work on RedHat and everything was fine except for the LetsEncrypt SSL generation. Problem is my server was behind a load balancer so it wasn’t communicating correctly. I was able to get it to work with this:

It generated my SSL keys & validated them using TXT DNS record and applied the certs to my web servers. I added a final step for DNS A record to be updated via API as well and change the IP to my new hosting location. It made it much smoother for me and I didn’t need a short window of insecure traffic while changing the IP and generating the certs. It all happened in one go.

They have a pretty good list of DNS providers for automating this process. Worth adding to the repo?
