I have a client who has asked me to set up a subdomain that delegates to a set of nameservers for handling email. This is a little bit ouside of the work I normally do.
They've explicitly told to me to ensure that the subdomain is set up with SSL. This seems like a strange ask to me because of the NS record type. AWS Route 53 doesn't give me any options to select a certificate when configuring a subdomain and semantically speaking, how could you apply an SSL cert for this scenario when you don't control the application servers?