I’m using your bncert-tool to install letsencrypt certificate. I got this error while trying to install the certificate.
Warning: The domain 'xxxxxxxxxx' resolves to a different IP address than the one detected for this machine, which is 'xx.yy.zz.ww'. Please fix its DNS entries or remove it
My domain was pointing to Load Balancer IP address. So I had to change it to my server IP address in the DNS records temporarily to install this certificate, which was fine.
My concern is about the automatic renewal that happens after 2 months. Should my domain be pointed to my server IP address in the DNS records when the renewal happens? that totally ruins the pointing of having an AUTOMATIC renewal as I have to temporarily change my DNS records which is a MANUAL task.