Hi, @rasulkireev. When I need to to this for a domain using Netlify DNS, I use certbot and the DNS verification option with that tool (using the option --preferred-challenges dns).
The certbot tool will prompt you when it is time to make the DNS record at Netlify like this:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
SII9yM27mMu0QXUV3wPy7cObmFH2853TaLvic8GXtwE
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Then make a DNS record at Netlify of the type TXT with a name of _acme-challenge and the value being the string given (which was SII9yM27mMu0QXUV3wPy7cObmFH2853TaLvic8GXtwE in that example above).
Once all DNS records are verified, the certbot tool will download the valid SSL certificate to the local (or remote) system that ran the certbot command. (It is then safe to immediately delete the TXT records are they are only used once and the same values won’t be used again.)
You can do this while hosting other sites on Netlify and continuing to use Netlify DNS. I love both Let’s Encrypt and the cerbot tool so please reply here if there are other questions about this.