According to the Expressway Certificate usage guide, the Expressway E on an MRA setup needs:
1. Its own FQDN
2. The name of the registration domain
In order to get this working with Let's Encrypt, I have to have DNS A records for expressway.mydomain.com and mydomain.com pointing to the IP address of the Expressway E.
How the heck are you going to pull this off? That registration domain is also the company root domain, and it's pointed elsewhere. This cannot be a unique problem. How do you work around it? Or will it work with just the FQDN???
"I don't recall seeing that caveat in the 12.7 guides." - Yes/No. That kind of info was already there since ages. But I didn't really had an impact anywhere else than on the certificate's SAN entries. You could choose to include the registration domain either as it is (e.g. "cisco.com") or with the prefix "collab-edge" (e.g. "collab-edge.cisco.com"). Depending on, if it is allowed by the CA to include the public domain. But there never had to be a DNS record for that in regards to Expressway.