Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
Domain: mail.corkynan.com
Type: unauthorized
Detail: Invalid response from http://cn-mail.corkynan.com/.well...
My web server is (include version): Turned off Apache 2 as certbot requested, so native to certbot
The operating system my web server runs on is (include version): Debian 9 (Stretch)
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don't know): Yes I have full access to all systems on the network.
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot): 0.10.2
Additional Information: While the domain corkynan.com is registered and I can update the DNS records, I am using my own root authority domain controller behind a firewall and NAT. While this server can see the outside world, there is no connection at this time between the registered domain and my internal DNS for my local network.
The question is: Is it possible to use Let’s Encrypt in this configuration, where all DNS registrations for the machines are handled locally since there is no direct access from the Internet into the local corkynan.com domain only outgoing connections (i.e., the Internet cannot see my local systems, including the local authoritative DNS?
