Using dns-01 with Let's Encrypt for getting certificates for VPN / intranet sites

It's a simple two-step process of building certbot locally and doing the request.

Installing and building certbot:

$ git clone
$ cd certbot
$ cd acme
$ python setup.py install --user
$ cd ..
$ python setup.py install --user

Doing the request:

$ ~/.local/bin/certbot certonly --manual -d $DOMAIN --preferred-challenges dns-01
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1):
    Obtaining a new certificate
    Performing the following challenges:
    dns-01 challenge for $DOMAIN

    NOTE: The IP of this machine will be publicly logged as having requested this
    certificate. If you're running certbot in manual mode on a machine that is not
    your server, please ensure you're okay with that.

    Are you OK with your IP being logged?
    (Y)es/(N)o: y
    Please deploy a DNS TXT record under the name
    _acme-challenge.$DOMAIN with the following value:

    <long string of text here>

    Once this is deployed,
    Press ENTER to continue

Now add the TXT record to your DNS zone. Wait until it is deployed, press Enter, and you should be done:

    Waiting for verification...
    Resetting dropped connection:
    Cleaning up challenges
    Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

     - Congratulations! Your certificate and chain have been saved at
         Your cert will expire on 2017-02-03. To obtain a new or tweaked
         version of this certificate in the future, simply run certbot
         again. To non-interactively renew *all* of your certificates, run
         "certbot renew"
     - If you like Certbot, please consider supporting our work by:

         Donating to ISRG / Let's Encrypt:
         Donating to EFF:          

Hopefully the dns-01 code should be released on my unstable machines before I need to renew the certificates.
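
To check that the TXT record is really deployed before pressing ENTER in the manual step above, the script below asks each authoritative nameserver of the zone directly instead of trusting a caching resolver. It is an added example, not part of the original post; the function names, the ZONE/DOMAIN/VALUE arguments and the use of `dig` are assumptions.

```shell
#!/bin/sh
# Added example: verify the dns-01 TXT record before letting certbot continue.
# Usage: ./check-challenge.sh ZONE DOMAIN VALUE
#   ZONE   - the DNS zone that holds the record (hypothetical: example.com)
#   DOMAIN - the name passed to certbot with -d
#   VALUE  - the string certbot asked you to deploy

# txt_matches EXPECTED
# Reads `dig +short TXT` output on stdin (one quoted string per line) and
# succeeds only if some record equals EXPECTED exactly. ACME challenge values
# are short enough to fit in a single TXT string, so no joining is needed.
txt_matches() {
    expected=$1
    while IFS= read -r line; do
        value=${line#\"}      # strip the leading quote dig prints
        value=${value%\"}     # strip the trailing quote
        if [ "$value" = "$expected" ]; then
            return 0
        fi
    done
    return 1
}

# challenge_deployed ZONE DOMAIN EXPECTED
# Returns 0 only when every authoritative nameserver of ZONE serves the
# expected value, 1 when at least one does not, 2 when no NS was found.
challenge_deployed() {
    zone=$1 domain=$2 expected=$3
    servers=$(dig +short NS "$zone")
    [ -n "$servers" ] || return 2
    for ns in $servers; do
        dig +short TXT "_acme-challenge.$domain" "@$ns" \
            | txt_matches "$expected" || return 1
    done
    return 0
}

# Only query DNS when called with the three arguments.
if [ "$#" -eq 3 ]; then
    if challenge_deployed "$1" "$2" "$3"; then
        echo "TXT record visible on all authoritative nameservers"
    else
        echo "TXT record not deployed everywhere yet" >&2
        exit 1
    fi
fi
```

Checking every authoritative server matters because the validation request may reach any of them, and a secondary that has not yet picked up the new record will fail the challenge.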