after certbot is installed on your system you can run the following command
sudo certbot -d www.domain.com --manual --preferred-challenges dns certonly
you should see this output
Please deploy a DNS TXT record under the name:
_acme-challenge.www.domain.com.
with the following value:
<TOKEN>
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.vcse-01.mbcurtis.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
NOTE: you will likely need to wait a while for DNS to propagate to hit enter otherwise this will fail