The DNS provider needs to provide an API, but not an ACME server.
Your server contacts Lets Encrypt and wants a certificate - say for homeserver.example.com. It tells Let’s Encrypt to use DNS based authentication. Let’s encrypt answers with a challenge code, that you now publish as a txt record with a defined name via your providers API for this (sub)domain. Let’s encrypt then checks the TXT record and if it finds the challenge there, it sends you the certificate.
Yeah. For wildcard DNS from letsencrypt, you can’t do HTTP validation, only DNS, which involves creating a TXT record.
Your DNS provider needs to run an ACME server, which runs an API that’ll add the required TXT records on request.
As I understand it.
The DNS provider needs to provide an API, but not an ACME server.
Your server contacts Lets Encrypt and wants a certificate - say for homeserver.example.com. It tells Let’s Encrypt to use DNS based authentication. Let’s encrypt answers with a challenge code, that you now publish as a txt record with a defined name via your providers API for this (sub)domain. Let’s encrypt then checks the TXT record and if it finds the challenge there, it sends you the certificate.