My DNS provider doesn’t have an API for setting DNS, which makes doing dns CNAME validation manual.

Therefore, what I do is:

• Have a public nginx server and point public DNS records to it, then generate certs against it
• Pull those certs to my internal nginx server in my lan
• Use pi.hole to set internal DNS records (so jellyfin.mydomain.com points to 10.10.110.23 within my network)