SSL Certificate with subdomain on different server
Let's Encrypt is requiring to have CAA on the domain
This is not true, see https://letsencrypt.org/docs/caa/
You can use CAA records, and Certificate Authorities need to query for them and use them, if they exist. If they don't, it is business as usual.
They are unable to renew their own certificate on their server because there is Let's Encrypt on the main server domain. [..] So how can we make it work that both servers are able to renew certificates properly? I just want to mention they use Sectigo.
Easy then: keep your CAA record (if you want), and add another CAA record on the subdomain with Sectigo mentioned.
Hence certificates for the subdomain can be delivered by Sectigo (and no one else), while certificates for the domain can be delivered by Let's Encrypt (and no one else).
Note that the behavior you observe is specifically because CAA record queries "climb" up towards the root. If no records are found on a name, the CA has to recurse towards the root to find a CAA record, so they obviously hit your current one even for the subdomain.
Certificates are not tied to specific servers. You can have as many different certificates as you want at any given time installed on multiple servers, with multiple names in them.
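
The tree-climbing lookup described above, as an added example that is not part of the original answer: a small offline model of how a CA picks the relevant CAA set, run against constructed zone data before and after adding the subdomain record. The names example.com and sub.example.com and the function names are placeholders; the model is simplified and ignores CNAMEs and critical flags.

```python
# Constructed zone data: owner name -> list of (tag, value) CAA records.
# example.com / sub.example.com are placeholder names, not taken from the question.
ZONE_BEFORE = {
    "example.com": [("issue", "letsencrypt.org")],
}
ZONE_AFTER = {
    "example.com": [("issue", "letsencrypt.org")],
    "sub.example.com": [("issue", "sectigo.com")],
}


def relevant_caa_set(zone, name):
    """Return (owner, records) for the closest name at or above `name` that has CAA records."""
    labels = name.rstrip(".").lower().split(".")
    if labels[0] == "*":          # a wildcard request starts the search at its parent name
        labels = labels[1:]
    while labels:
        owner = ".".join(labels)
        records = zone.get(owner, [])
        if records:
            return owner, records
        labels = labels[1:]       # nothing here: climb one label towards the root
    return None, []


def may_issue(zone, name, ca_identifier):
    """Decide whether `ca_identifier` may issue for `name` under the zone's CAA records."""
    _, records = relevant_caa_set(zone, name)
    tag = "issue"
    if name.startswith("*.") and any(t == "issuewild" for t, _ in records):
        tag = "issuewild"         # issuewild, when present, governs wildcard names
    allowed = [v.split(";")[0].strip().lower() for t, v in records if t == tag]
    if not allowed:               # no CAA set found, or none with this tag: no restriction
        return True
    return ca_identifier.lower() in allowed


if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        for ca in ("letsencrypt.org", "sectigo.com"):
            print(label, "sub.example.com", ca, may_issue(zone, "sub.example.com", ca))
```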