I'm trying to generate a cert for an IoT device on a local network. This just uses the hostname so it's not a traditional URL. I'm also interested in trying the IP address cert but I don't think that's released yet.
I ran this command: certbot certonly --standalone --register-unsafely-without-email -d <my device name>
It produced this output:
An unexpected error occurred:
The server will not issue certificates for the identifier :: Invalid identifiers requested :: Cannot issue for "<my device name>": Domain name needs at least one dot
My web server is (include version): Mongoose 7.18
The operating system my web server runs on is (include version): Ubuntu 20.04
I can login to a root shell on my machine (yes or no, or I don't know): Yes
If you want a certificate from Let’s Encrypt, you will need to register a domain. Since the device has a private IP address, I would recommend using the dns-01 challenge.
In the future, you will be able to get certs for IP addresses, but keep in mind that those are only for non-private IP addresses. So 192.168.0.0/16, 10.0.0.0/8, etc, are out of the question.
Another option is to use a certificate that is chained to a private root certificate that you control. There are multiple ways to do that, I would recommend having a look at Filippo Valsorda’s tool mkcert.