.APP Domain with Let's Encrypt (Certbot)

Hello, I'm trying to get a certificate from Let's Encrypt via certbot for my domain. I have to say that I'm an absolute beginner... The problem is that my TLD is *.app, which forces HSTS, which means (as I understand it) that I can't access it without HTTPS. But since Let's Encrypt verifies the servers via HTTP, I always get the error that Let's Encrypt couldn't verify my server. I'm using Nginx in a Docker-compose container. Currently, I'm using a bought certificate, but that's not the solution I wished to have. Do you have any idea how I can use Certbot with my .app domain and Nginx in Docker?

My domain is:

My web server is:

The operating system my web server runs on is (include version):
Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Thank you very much for any help!

Well, you can't access it over HTTP using an HSTS-preloaded web browser.

There are some steps missing there between your premise and your conclusion. Let's Encrypt doesn't use an HSTS-preloaded web browser. That is, it doesn't load Chrome or the like to try to access your site, but makes the HTTP call directly. You can use most command-line tools (like curl or wget on Linux, or PowerShell's Invoke-WebRequest) to access HTTP just fine, and I think there are still some more-traditional web browsers out there that don't use Google's HSTS preload list. So there shouldn't be any problem using Let's Encrypt, as long as your port 80 is open and configured properly.

Another option, which some people find easier, is that if you can automate updating TXT records in your DNS then you can use the DNS-01 challenge instead.


The physical systems in use have no idea that you are using an .app TLD.
And you should be able to easily add any other TLD to that exact same system.
So... if it can allow port 80 for any one of those TLDs, it can allow it for all of them.
Please ensure that your Hosting Service Provider (HSP) (presumably IONOS) is not blocking any ports.
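
The port 80 setup the replies above describe, as an added example that is not part of the original posts: an Nginx configuration that answers the HTTP-01 challenge over plain HTTP and sends every other request to HTTPS. The domain `example.app`, the webroot `/var/www/certbot`, the document root and the published container ports are assumptions, not details from the thread.

```nginx
# Added example. Assumed (not from the thread): domain example.app, a webroot
# /var/www/certbot mounted into both the nginx and certbot containers, and a
# compose service that publishes "80:80" and "443:443" to the host.

server {
    listen 80;
    listen [::]:80;
    server_name example.app;

    # HTTP-01: the CA requests
    #   http://example.app/.well-known/acme-challenge/<token>
    # directly over port 80. It is not a browser, so the HSTS preload list
    # for .app plays no part in this request.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/certbot;      # certbot writes the token files here
        default_type text/plain;
        try_files $uri =404;        # unknown tokens get a clean 404
    }

    # Everything else is redirected; preloaded browsers never reach this
    # block anyway because they upgrade to HTTPS before connecting.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.app;

    # Until the first issuance succeeds, point these at the certificate
    # already in use; afterwards use certbot's live directory.
    ssl_certificate     /etc/letsencrypt/live/example.app/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.app/privkey.pem;

    location / {
        root /usr/share/nginx/html;  # assumed document root
    }
}
```

With this in place, `certbot certonly --webroot -w /var/www/certbot -d example.app` places the token under the shared webroot. A quick check from outside the host is to put a test file in `/var/www/certbot/.well-known/acme-challenge/` and fetch it with `curl -i` over `http://`; a timeout or connection refusal points at an unpublished container port or a firewall rather than at HSTS.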

