Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: certbot.int
I ran this command: wacs.exe
It produced this output: [certbot.int] {"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: NXDOMAIN looking up A for certbot.int - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for certbot.int - check that a DNS record exists for this domain","status":400,"instance":null}
My web server is (include version): IIS
The operating system my web server runs on is (include version): Windows Server
My hosting provider, if applicable, is: Local DNS Server and Local IIS
I can login to a root shell on my machine (yes or no, or I don't know): I don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): v2.2.9.1701
If I create for a site without a dot it complains about No dot, and if I use a dot it gets the above error. I have a local DNS server with a zone and an 'A record' Certbot.int with my local IP, and I set my adapter's DNS to my DNS IP then alternate 8.8.8.8.
You cannot get a certificate from a public CA for a non-public domain name. See also Certificates for localhost - Let's Encrypt; it's also quite suitable for other local hostnames/IP addresses without a public domain name.
Also, why would you want a certificate with the name 'certbot'? Weird.
I wasn't contradicting that and fair enough to emphasize it. Was just educating poster about options for "Certbot". And to avoid future readers thinking Certbot was only viable for Let's Encrypt.
Hi @MG1376 there's a little bit of confusion here because I don't think you are using Certbot (which is a popular ACME client mainly used on Linux), I think based on the version number you mention you are instead using win-acme, which is very different software.
As others have mentioned, if you want a certificate from Let's Encrypt it needs to be a public name that can be seen in public DNS (like mail.yourdomain.com) and it can't be an internal name (like intranet01 or webmail.local) because Let's Encrypt can't validate internal host names.
If you can't give your services a public name (?) then you can use an internal CA (not Let's Encrypt) that you run yourself, examples include smallstep step-ca and HashiCorp Vault, there is also Windows Active Directory Certificate Services but to use that with ACME you need some middleware like GitHub - grindsa/acme2certifier: library implementing ACME server functionality to act as an ACME compatible CA (there are probably commercial products too).
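The distinction drawn in this thread, as an added Python example that is not part of the original posts or of win-acme: an offline pre-flight check for names a public CA can never validate, plus a decoder for the ACME error quoted in the question. The function names and the suffix list are assumptions of this example; the JSON is the problem document from the question.

```python
import json
import re

# Special-use suffixes that never resolve in public DNS
# (RFC 2606, RFC 6761, RFC 6762, RFC 8375).
SPECIAL_USE = ("local", "localhost", "test", "example", "invalid", "home.arpa")

# ACME problem document copied from the question in this thread.
PROBLEM = ('{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: '
           'NXDOMAIN looking up A for certbot.int - check that a DNS record '
           'exists for this domain; DNS problem: NXDOMAIN looking up AAAA for '
           'certbot.int - check that a DNS record exists for this domain",'
           '"status":400,"instance":null}')


def preflight(name):
    """Offline reasons a public CA cannot validate `name` (empty list = none found)."""
    host = name.rstrip(".").lower()
    reasons = []
    if "." not in host:
        reasons.append("single-label name (no dot), not a public FQDN")
    if any(host == s or host.endswith("." + s) for s in SPECIAL_USE):
        reasons.append("special-use suffix that never resolves in public DNS")
    return reasons


def diagnose(problem_json):
    """Turn an ACME problem document (RFC 8555, section 6.7) into a short diagnosis."""
    problem = json.loads(problem_json)
    if problem.get("type") != "urn:ietf:params:acme:error:dns":
        return "not a DNS error: " + str(problem.get("type"))
    detail = problem.get("detail", "")
    # The CA reports each failed lookup as "NXDOMAIN looking up <rrtype> for <name>".
    names = sorted(set(re.findall(r"NXDOMAIN looking up \w+ for (\S+)", detail)))
    if names:
        return "no public DNS record for: " + ", ".join(names)
    return "DNS error: " + detail


if __name__ == "__main__":
    # Hostnames taken from the thread; certbot.int passes the offline check
    # and only fails when the CA queries public DNS.
    for host in ("intranet01", "webmail.local", "certbot.int", "mail.yourdomain.com"):
        print(host, "->", preflight(host) or "no offline objection")
    print(diagnose(PROBLEM))
```

An empty result from `preflight` only means the name is syntactically eligible; the CA's own lookup against public DNS, which a local zone or adapter DNS setting does not influence, still decides the outcome.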